Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE7 Vulnerability Discovered

Posted by ryuzaki0 on from the that-didn't-take-long dept.

slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."

8 of 386 comments (clear)

  1. Browsers are just too complex by cliffski · · Score: 5, Insightful

    Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users. Granted a lot of stuff is demanded by web develoeprs who want fancy this, animated that, and sliding and fading the other, but to be honest, most of us dont need any of that junk.
    As end users, how much of browser bloat do we really need?
    I think there was a slashdot story asking for feature requests for firefox recently. my main request is this please:

    less of everything

    Its already at the case where im starting to notice how long it takes firefox to start. Sometimes more features does not mean better. Its like anything, cars, mobile phones, TVs, they all have major feature bloat.
    I found it actually impossible to buy a new mobile *without* internet access. Its insane. i remember when you didnt have an animated 'startup' screen for your phone, because the damned things just switched on.

    Feature bloat -> just say no :D

    --
    DRM-free indie games for the PC and Mac: Positech Games
    1. Re:Browsers are just too complex by acvh · · Score: 4, Insightful

      While I agree with your No Bloat argument, you neglected an oft overlooked reason that IE contains all these "features", and it's not web developers. It's application developers. There are a slew of vertical market applications that many small to midsize companies are using, where the developer has dropped, or maybe never had, its own user interface, in favor of using IE and ActiveX controls. Insurance brokerages, medical practices, law firms and more, all of them have large, commercial, expensive applications available to them for running their businesses, and many of them are IE based. IE in these cases is just the front end to data stores running on everything from SQL Server on Intel to AIX on Power to whatever. Many times with no Internet connectivity at all.

      MSFT can't just disable, drop or change these features, because doing so could break an enter business. So they just pile up more and more code into an already chaotic program.

    2. Re:Browsers are just too complex by AKAImBatman · · Score: 5, Insightful
      Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users.

      You would lose that wager. 80%+ of the technology that makes web browsers tick is required just to show you a blasted web page. The standardized APIs allow a good way for JavaScript to then make those pages interactive. Not too many sites are JavaScript-free these days.

      What I think you're trying to say, is that features above and beyond the W3C standards are:

      1. Not useful
      2. Poor attempts at lockin
      3. Dangerous

      If Microsoft would just stick to the bloody standards, we'd all be better off. Unfortunately, they're still in 1995 mode, trying to beat Netscape at their own propertization game. It wouldn't surprise me if the requests for DOM 2 Events support were STILL ignored in this "final" release of IE7. *grumble* And Microsoft thinks developers will like them because of this?
      --
      Javascript + Nintendo DSi = DSiCade
  2. Helllloo? by thepotoo · · Score: 5, Insightful
    Last time I checked, Firefox was open source. You are more than welcome to fork the project and make a "lite" version. I would probably give it a try.

    But, don't forget that if you strip away too much, you'll end up with Lynx. Some people like at least images and css, you know?

    --
    Obligatory Soundbite Catchphrase
  3. Re:Old exploit by Overly+Critical+Guy · · Score: 5, Insightful

    Well, you could argue that it was quickly discovered to still exist in IE7. Interestingly, this vulnerability contradicts claims that IE7 is a rewrite. Clearly, it is not.

    --
    "Sufferin' succotash."
  4. Re:Let's be fair by Overly+Critical+Guy · · Score: 4, Insightful

    That makes it worse. Not only is IE7 not a "rewrite" as some claimed, but it doesn't fix known vulnerabilities in its previous version. At least if it was new code, you could understand and expect an unknown vulnerability.

    --
    "Sufferin' succotash."
  5. Re:two words by PhrostyMcByte · · Score: 4, Insightful

    How much you want to bet this guy found the vuln weeks ago, but held off on releasing it so he could brag that he discovered the first IE7 vuln, and it only took him less than 24hr!

  6. Re:two words by PylonHead · · Score: 4, Insightful

    Yes, you're right.. it is traditional when releasing a new version of software to THROW OUT ALL YOUR CODE AND START OVER FROM SCRATCH.

    I love it when people in the cake decorating industry post to slash dot.

    --
    # (/.);;
    - : float -> float -> float =