Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE7 Vulnerability Discovered

Posted by ryuzaki0 on from the that-didn't-take-long dept.

slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."

4 of 386 comments (clear)

  1. Re:Firefox by Anonymous Coward · · Score: 5, Interesting

    Actually Firefox has a similar vulnerability, which has been unpatched for months (as a design decision - there is no way to patch it without breaking useful stuff).

    This is a new report of a old vulnerability which isn't serious. The fact that it's been released "not 24 hours" after IE 7 was released is, I would think, because someone decided to release it to coincide with the launch.

  2. Re:Browsers are just too complex by hey! · · Score: 4, Interesting

    Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users.

    I don't think this is the case, because for the most part users don't choose which broswer features they use; web sites do that for them.

    However, I think the web development model is far too complex, which both causes site developers to create security holes in their applications, and creates many places for security holes to exist in the browser itself.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  3. Re:Old exploit by abaddononion · · Score: 5, Interesting
    This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

    To me, at least, that's kind of the point. I mean, this is an old old IE6 bug, that M$ has known about for a certainly reasonable amount of time. Yet, they still haven't fixed it. And not to say it's a big deal that they haven't fixed it in IE6 yet. It's not like it's a Critical Priority bug (no pirates can steal Windows or MP3s because of it). But they point is, they did their whole "We heard you" campaign, and claimed IE7 was going to be this great new secure landscape... and they didn't even clean up the old IE6 bugs they KNEW about? I mean, seriously, at this point are we supposed to believe that they're even trying?
  4. Using Vista RC1 by Utopia · · Score: 4, Interesting

    The Secunia test says I am not vulnerable with Vista RC1

    Vista RC1 was released almost a month ago.
    So I am surprised this new XP IE7 build still exibits this issue.

    Looking at the source, I suspect this is not a IE issue at all, instead this is a MSXML issue.
    Vista has anewer version of MSXML.
    XP IE7 seems to be using the older version.