A First Look At Internet Explorer 8 RC1

bogaboga writes "TG Daily reports that Microsoft quietly released the first update to its IE8 beta 2 to its closest partners last week. This new version only scores a dismal 12/100 on the Acid 3 test, though the score improves significantly if one leaves the [browser] window open for at least a minute. It is marked as 'Release Candidate 1.'"

12/100?

[Masami+Eiri]

IE6.5 gets a 12/100 on the Acid3 test if you let it sit for a few moments. No, seriously. I wish I was kidding.

Re:But does it fix the critical vulnerability?

[BasharTeg]

Actually it does mitigate that vulnerability. Internet Explorer 7 and 8 both have the ability to enable DEP/NX heap protection. Unfortunately, due to certain extensions like Adobe Flash being written like shi... written in such a way that they weren't compatible with DEP/NX (I won't even get into them dodging protected mode, just see: http://keznews.com/4244_Vista_hacked_on_3rd_day_thru_Adobe_Flash__Linux_Undefeated_), but anyway, because of extensions like Flash and Java which weren't compatible with DEP/NX, Microsoft was unable to enable by default the DEP/NX protection in Internet Explorer 7 at release. However, you can enable it now since most plugins have been modified to work with DEP/NX.

To enable this protection in IE7 right now, go to Tools, Internet Options, Advanced, and check the check box next to "Enable memory protection to help mitigate online attacks". If you're running IE8 beta 2, you should notice that this check box is checked by default. This change should mitigate a significant number of future remote attacks against Internet Explorer 8.

If you check the advisory, one of the work arounds is enabling the DEP/NX protection in IE7.