For the second consecutive year Secunia claims it has found a flaw on Microsoft’s Internet Explorer browser, and this year’s flaw is the same as last year.

The flaw discovered in 2005 on Explorer 6 and now on Explorer 7, enables attackers to steal user information that’s being entered on a separate website, just as long as the user is visiting a site exploiting the flaw in another window.

Last year Secunia found the same flaw in Internet Explorer 6, but it remains unpatched by Microsoft.

Until the flaw is patched, Secunia says an alternative solution is to “disable active scripting support.” Details on how to do this can be found on Microsoft’s website.

But a Microsoft spokesman said the reports by Secunia are technically inaccurate.

“The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express,” he said “While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.”

Oh! Thanks for that clarification.



  1. moss says:

    Looking at John’s poll over there in the RH column — at this moment — I’d say this isn’t going to be a problem for 88.2% of us. 🙂

  2. Peter Rodwell says:

    I tried IE7 when I tried the beta version of Vista – it was awful. The constant “security” checks made it quite unusuable. I guess Micro$oft’s programmers were so busy adding all those checks to IE7 that they forgot about IE’s existing problems…

  3. Improbus says:

    I will not use IE7 unless forced too. They will have to pry my Portable Firefox from my cold dead fingers.

  4. V says:

    I upgraded to IE7 because 6 is crap. And 7 is…still crap. When will the developers realize that the rendering engine actually matters?

  5. John Rice says:

    I have been using IE 7 for over a month, and like everything about it. For me it is easy to use, intuative in use, fast, and every so much better that the last IE. I don’t understand why all the negative comments.

  6. Improbus says:

    I don’t understand why all the negative comments.

    Because we don’t get paid to say nice things about IE. That and most of us don’t trust Microsoft any further than we can throw the Redmond campus. The damn browser has only been out 24 hours or so and it already has security hole in it. I am sure Microsoft will get around to fixing it when they feel like it.

  7. Ron Jeremy says:

    get yourself a linksys rvs4000 router. it’s built-in IPS with the most recent signature blocks attacks like this…

  8. Greymoon says:

    #2, #3, #4, #6

    Drama Queens, the lot of ya. I downloaded it because I had to in order to test sites I design. IE7 works fine on my 2 test systems, one of which is 7 years old, yeah thats right 7 years and running xp just fine. All the sites I have designed in the last 5+ years have had no display/render problems at all with IE 7. Has Microsoft turned over a new leaf in quality? I doubt it – security will remain a problem, but not mine, I use Firefox for all my browsing, If a site needs activeX or a IE specific nuiance, I just dont use that site and let the owners know it.

    As for IE 7, get over yourselves Drama Queens, and for Microsoft – golf clap

  9. gquaglia says:

    Why is anyone surprised by this. Its still IE and is still crap. I love how the M$ apologists defend their god with such zeal. I avoid all M$ products whenever I can.

  10. Fabrizio Marana says:

    Well, I’m on the IE6 side of the classroom (My company laptop is much better then my private one, so I use that one most of the time).

    Personally, I would be GLAD with IE7 and tabbed browsing! (That and NoScript are the only things I miss in IE compared to FF)

    Oh, and I hate Flash as much as ActiveX because both allow pop-ups to sneak past the pop-up blocker. I’d rather have NO FLASH then a pop-up every now and then. No YouTube, alas!

    🙂

    Fabrizio


0

Bad Behavior has blocked 5411 access attempts in the last 7 days.