Slashdot Mirror


Unpatched IE Flaw Extremely Critical

Durinthal writes "The biggest blip on the security radar over the Thanksgiving holiday was the realization by the security community that an Internet Explorer problem first identified six months ago was a lot worse than it appeared, as what appeared to be only a DoS vulnerability also allows for execution of arbitrary code. The realization caused Secunia to issue a rare 'Extremely Critical' advisory."

4 of 277 comments

  1. Scummy eweek popup alert by david.given · Score: 5, Insightful
    ...pops up a dialogue asking whether you want to be spammed and then spams you anyway when you hit CANCEL.

    Does anyone think that a very handy Firefox add-on would be a button attached to this kind of dialogue that would instantly kill all JavaScript scripts stone dead for the page? Once an OK/Cancel dialogue is up, you can't interact with Firefox's UI until you've responded to the dialogue and let the JavaScript do something, which I think is poor design.

  2. Am I the only one? by LaughingCoder · Score: 3, Insightful

    I read the article, and there was a link to a page that demonstrates the exploit. Now, am I the only one who is afraid to click such a link? There is something about seeing a link that basically says "click here to see how we can take over your machine" that sends chills down my spine. I don't know about you, but I never click those demonstration links on *MY* machine.

    --
    The more you regulate a company, the worse its products become.
  3. Re:You mean to say I can be up to date by Enigma_Man · Score: 3, Insightful

    Sarcasm aside, yes they should be responsible for what they wrote, even though it's a lot of code, and there are going to be bugs (human nature). It is shoddy software.

    -Jesse

    --
    Nothing says "unprofessional job" like wrinkles in your duct tape.
  4. Re:You mean to say I can be up to date by Phisbut · Score: 3, Insightful
    I am shocked and appalled. As is well known, any reputable software vendor would release flaw free code that could not possibly cause hidden attacks such as this.

    Although it can be "accepted" that code be released with unknown bugs (because we all make mistakes), the problem here is that the bug report is over 5 months old. It is one thing to ship buggy code; it is another thing to ignore bug reports and not fix your product once the bugs have been found. It is no longer unknown; Secunia has a release date of 2005-05-31 for that bug.

    --
    After 3 days without programming, life becomes meaningless
    - The Tao of Programming