# Monday, December 20, 2004

Scary

I hope they fix this one soon.

Paul has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct sophisticated cross-site scripting attacks against any web site. Please see the test below for an example of how this vulnerability can be exploited.

[ Secunia - Internet Explorer Cross-Site Scripting Vulnerability Test ]

I set all of my ActiveX, signed or not, approved or not, to prompt, and this fixes that problem; however, it then breaks my Gmail. (Of course I then just “trusted” Gmail, hope they don't abuse that trust...)

Comments [5]

Monday, December 20, 2004 1:33:23 PM (Eastern Standard Time, UTC-05:00)
I know you said you've done stuff with ActiveX, XML Data Islands, you're an IE guy, etc.

But maybe it's time to stop putting so many eggs in the MS basket?

I only use IE on one website -- our time tracking / job traffic software, which won't work in Firefox.

Monday, December 20, 2004 1:39:01 PM (Eastern Standard Time, UTC-05:00)
Except if everyone switches to Firefox we'll still only have one basket...

Monday, December 20, 2004 3:24:55 PM (Eastern Standard Time, UTC-05:00)
What I meant is, if we use cross-browser code (even if it is more limited than the 133tness we can pull off in proprietary stuff), we're not as dependent on one particular browser.

You could, for example, use Firefox until this is patched (in my ideal world).

I wouldn't want Firefox to be the majority browser anyway, but don't worry -- once it gets past 10%, it will lose its novelty and you'll have more hackers targeting it.

Monday, December 20, 2004 3:48:40 PM (Eastern Standard Time, UTC-05:00)
Unfortunately the moron who built our Intranet didn't force the cross-browser issue.

(Oh wait, I'm that moron...)

Monday, December 20, 2004 7:13:06 PM (Eastern Standard Time, UTC-05:00)
Kearns, now that is not quite right. I can think of a handful of other morons who also worked on that intranet.