[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"

To: "Edge, Ronald D" <edge@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
Date: Wed, 30 Jun 2004 12:46:13 +0300

since CERT are "federally funded" does their advise mean it is "un-American"
to use internet explorer?

georgi

On Tue, Jun 29, 2004 at 09:25:32AM -0500, Edge, Ronald D wrote:
> Even CERT has issued an advisory that is really quite amazing in its
> bluntness:
>       http://www.kb.cert.org/vuls/id/713878
> which was last updated June 25, 2004 in the wake of the download.ject
> attack by what appears to have been Russian criminal gangs out of a web
> site now shut down in Russia.
> 
> "Use a different web browser"
> "There are a number of significant vulnerabilities in technologies
> relating to the IE domain/zone security model, the DHTML object model,
> MIME type determination, and ActiveX. It is possible to reduce exposure
> to these vulnerabilities by using a different web browser, especially
> when browsing untrusted sites. Such a decision may, however, reduce the
> functionality of sites that require IE-specific features such as DHTML,
> VBScript, and ActiveX. Note that using a different web browser will not
> remove IE from a Windows system, and other programs may invoke IE, the
> WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). "
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?
Next by Date: [Full-Disclosure] Cisco Security Advisory: Cisco Collaboration Server Vulnerability
Previous by thread: RE: [Full-Disclosure] PIX vs CheckPoint
Next by thread: RE: [Full-Disclosure] IE Web Browser: "Sitting Duck"
Index(es):
- Date
- Thread