Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE7 Vulnerability Discovered

Posted by ryuzaki0 on from the that-didn't-take-long dept.

slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."

15 of 386 comments (clear)

  1. two words by doti · · Score: 5, Funny

    ha ha

    --
    factor 966971: 966971
    1. Re:two words by parodyca · · Score: 5, Funny

      but that was only one word..... twice

    2. Re:two words by AKAImBatman · · Score: 5, Funny

      One word: Brillant!

      --
      Javascript + Nintendo DSi = DSiCade
    3. Re:two words by knightmad · · Score: 5, Funny

      If you are going to do, at least do it right:

      ha ha

  2. Browsers are just too complex by cliffski · · Score: 5, Insightful

    Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users. Granted a lot of stuff is demanded by web develoeprs who want fancy this, animated that, and sliding and fading the other, but to be honest, most of us dont need any of that junk.
    As end users, how much of browser bloat do we really need?
    I think there was a slashdot story asking for feature requests for firefox recently. my main request is this please:

    less of everything

    Its already at the case where im starting to notice how long it takes firefox to start. Sometimes more features does not mean better. Its like anything, cars, mobile phones, TVs, they all have major feature bloat.
    I found it actually impossible to buy a new mobile *without* internet access. Its insane. i remember when you didnt have an animated 'startup' screen for your phone, because the damned things just switched on.

    Feature bloat -> just say no :D

    --
    DRM-free indie games for the PC and Mac: Positech Games
    1. Re:Browsers are just too complex by Goaway · · Score: 5, Funny

      Here's your porch, here's your chair, and here's your lawn. Now repeat after me, "DAMN KIDS! GET OFFA MY LAWN!"

    2. Re:Browsers are just too complex by AKAImBatman · · Score: 5, Insightful
      Thats the root of the problem. I'd wager 90% of the functioanlity for browsers is only used by 5% of end users.

      You would lose that wager. 80%+ of the technology that makes web browsers tick is required just to show you a blasted web page. The standardized APIs allow a good way for JavaScript to then make those pages interactive. Not too many sites are JavaScript-free these days.

      What I think you're trying to say, is that features above and beyond the W3C standards are:

      1. Not useful
      2. Poor attempts at lockin
      3. Dangerous

      If Microsoft would just stick to the bloody standards, we'd all be better off. Unfortunately, they're still in 1995 mode, trying to beat Netscape at their own propertization game. It wouldn't surprise me if the requests for DOM 2 Events support were STILL ignored in this "final" release of IE7. *grumble* And Microsoft thinks developers will like them because of this?
      --
      Javascript + Nintendo DSi = DSiCade
  3. Misunderstanding by MrSquishy · · Score: 5, Funny

    Maybe the line should read "You wanted it easier AND more secure?".

  4. Let's be fair by Lars+T. · · Score: 5, Informative

    The same problem is known on IE 6 since April 2006

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  5. Yawn. by Honest+Olaf · · Score: 5, Funny

    Stretch. Scratch.

    Oh, an IE vulnerability? That's cool man.

    Hey, anyone want to get some lunch?

  6. Re:Firefox by Anonymous Coward · · Score: 5, Interesting

    Actually Firefox has a similar vulnerability, which has been unpatched for months (as a design decision - there is no way to patch it without breaking useful stuff).

    This is a new report of a old vulnerability which isn't serious. The fact that it's been released "not 24 hours" after IE 7 was released is, I would think, because someone decided to release it to coincide with the launch.

  7. Re:Old exploit by abaddononion · · Score: 5, Interesting
    This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

    To me, at least, that's kind of the point. I mean, this is an old old IE6 bug, that M$ has known about for a certainly reasonable amount of time. Yet, they still haven't fixed it. And not to say it's a big deal that they haven't fixed it in IE6 yet. It's not like it's a Critical Priority bug (no pirates can steal Windows or MP3s because of it). But they point is, they did their whole "We heard you" campaign, and claimed IE7 was going to be this great new secure landscape... and they didn't even clean up the old IE6 bugs they KNEW about? I mean, seriously, at this point are we supposed to believe that they're even trying?
  8. IE7 maybe not vulnerable? by jrsp · · Score: 5, Informative

    IE7, freshly installed this morning, on XP SP2 reports not vulnerable. Perhaps it was already patched, or the exposure is more limited than the post implies...

    Not an MS fan, but truth and accuracy are always good.

  9. Helllloo? by thepotoo · · Score: 5, Insightful
    Last time I checked, Firefox was open source. You are more than welcome to fork the project and make a "lite" version. I would probably give it a try.

    But, don't forget that if you strip away too much, you'll end up with Lynx. Some people like at least images and css, you know?

    --
    Obligatory Soundbite Catchphrase
  10. Re:Old exploit by Overly+Critical+Guy · · Score: 5, Insightful

    Well, you could argue that it was quickly discovered to still exist in IE7. Interestingly, this vulnerability contradicts claims that IE7 is a rewrite. Clearly, it is not.

    --
    "Sufferin' succotash."