cancel
Showing results for 
Search instead for 
Did you mean: 

Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

I`m not usually concerned with the argument between Firefox and Internet Explorer, as to which is the safest to use..... but this article has definitely swayed me to stick with Firefox, or any other browser, rather than Internet Explorer...
http://arstechnica.com/microsoft/news/2010/11/exploit-kit-inclusion-could-make-internet-explorer-0-d...
7 REPLIES 7
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

So you don't mind Firefox zero-day exploits like this one (now patched)? http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Or maybe you just didn't read about it?
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

No, I did not read about it.....
.
.
.
.
.
.BUT........ and note the dates inside the quote ....
Quote

Critical vulnerability in Firefox 3.5 and Firefox 3.6
10.26.10 - 02:30pm
Update (Oct 27, 2010 @ 20:12):
A fix for this vulnerability has been released for Firefox and Thunderbird users.
Firefox 3.6.12 and 3.5.15 security updates now available
Thunderbird 3.1.6 and 3.0.10 security updates now available

Whereas the original link states...
Quote
Though Microsoft is aware of the flaw, a patch will not be included in today's Patch Tuesday patches.
Thus far, the company has not said when a patch will be release
d,
though inclusion of an exploit in a toolkit means that it will be under additional pressure to release an early patch rather than waiting for December's Patch Tuesday.


Shocked Shocked Shocked
matt_2k34
Grafter
Posts: 1,300
Registered: ‎09-07-2007

Re: Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

IE is embedded into all windows machines, like it or not.
IE 8/9 is actually not a bad browser (and is my main browser)
IE gets bad presse because of it is widely used. I am not suprised, you still have to have some form of getting this code onto your system (e.g. a site that is compromised, or malicious - or downloading something 'dodgy')
behave yourself online and your normally alright Tongue (and if you cant behave yourself, switch to an alternative browser)
0-day exploits are in all, the fact that the FF report is popular as it gets fixed is nothing new, afterall people wouldnt want to be put off FF would they...
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

Quote from: shutter
.BUT........ and note the dates inside the quote ....

I don't see the significance.  A few weeks ago a zero-day exploit was found in Firefox but it was patched a little while later.  I linked to the announcement of the fix.  I don't think it was discovered and fixed in a day, as Mozilla might wish to imply.  It might have been made public through official channels then fixed the following day but that's not the same thing and I'm not even sure that is true.
Now a zero-day exploit has been found in IE.  I imagine it will be fixed shortly even if (gasp, horror) Microsoft have to issue an update outside of their normal monthly sequence.
Plus ca change, plus c'est la meme chose. 
VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

Quote from: ReedRichards
I don't see the significance.  A few weeks ago a zero-day exploit was found in Firefox but it was patched a little while later.  I linked to the announcement of the fix.  I don't think it was discovered and fixed in a day, as Mozilla might wish to imply.  It might have been made public through official channels then fixed the following day but that's not the same thing and I'm not even sure that is true.
Now a zero-day exploit has been found in IE.

But it wouldn't be a zero day exploit unless this was the first day the application team became aware of the exploit.
i.e. Zero days old.  Roll_eyes

"In The Beginning Was The Word, And The Word Was Aardvark."

ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

Jeremy, you may be literally correct but I think the term is generally used more loosely to indicate an exploit for which there is no patch/fix (as opposed to an exploit which targets out-of-date software) .  I have never heard reference to a one-day exploit, a two-day exploit etc. which would be the logical continuation if the term were applied rigorously. 
7up
Community Veteran
Posts: 15,824
Thanks: 1,579
Fixes: 17
Registered: ‎01-08-2007

Re: Another reason to DUMP INTERNET EXPLORER 6, 7, & 8 (possibly 9 as well)

I don't even use IE or FF. I use Seamonkey. Slightly more secure than FF though its not as well advertised and still uses the mozilla engine so the pages etc render the same way. This does also mean its vulnerable to some of the same exploits but the way it handles and stores info etc (anything outside of the mozilla component) is supposedly better.
It's also better at handling memory.
I need a new signature... i'm bored of the old one!