Slashdot Mirror
IE7 Vulnerability Discovered
slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."
This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.
The same problem is known on IE 6 since April 2006
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
IE7, freshly installed this morning, on XP SP2 reports not vulnerable. Perhaps it was already patched, or the exposure is more limited than the post implies...
Not an MS fan, but truth and accuracy are always good.
Excuse, but where did you read that FF has that exact same vulnerability?
Also, even though FF does have issues, I believe you'll be hard pressed to find a vulnerability in FF that has been known for years and still gone unfixed. (According to heise on http://www.heise-security.co.uk/news/79745 this is actually an old bug that also affects IE 6)
If it's so secret, then how come I've never heard of it?
Not an issue - domains actually have a dot at the end, in the format, e.g.:
blabla.tld.
http://www.google.com/
http://www.google.com./
Both work.
This IE hole requires no user interaction. Unlike the firefox bugs he links to a simple web page can leverage this IE hole with no extra user input. And considering the URI exploited is used within email I'd imagine Outlook is susceptable, too. So the firefox vulnerabilities mentioned are much less likely to be exploited than this IE hole.
Developers: We can use your help.