Microsoft Internet Explorer Vulnerability Warning Issued

The flaw focuses on IE's inline frames, often used for serving ads, which typically come from a different domain than content that appears on the same Web page. Microsoft's Internet Explorer 6, 7, and 8 beta 1 appear to contain a security flaw that could subject users who visit a malicious Web site or open a malicious e-mail message to arbitrary code. U.S. CERT has published a vulnerability note indicating Internet Explorer doesn't handle document frames securely.

Document frames can be used to subdivide Web pages such that the content associated with each division comes from a different server or domain. These "iframes," or inline frames, often are used for serving ads, which typically come from a different domain than content that appears on the same Web page.

The problem, as U.S. CERT describes it, is that "Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain."

Link: Secunia Security Advisory
View: Full Article @ InformationWeek

Report a problem with article
Previous Story

Microsoft's XP SP3 Patch Fixes Anti-Virus Glitch

Next Story

Office subscription service ready to go

21 Comments

Commenting is disabled on this article.

I agree with ajua[/b], if one looks hard and long enough flaws can be found in any code. With the rising popularity of FF, look for more cretins to attack users through it.

I think that the line "appear to contain a security flaw that could subject users who visit a malicious Web site or open a malicious e-mail message to arbitrary code." says it all. There is no proof of concept or exploit confirmation yet, so IE users can wait for Microsoft to issue a patch for this.

BTW, there is no such thing as "secure" software. However, some companies are better at writing secure code than others.
Meanwhile, all the popular software receive feedback and fix their vulnerabilities.

I prefer Firefox, but i don't like to bash IE because i think it is a good browser. As good as the others out there. It is just a matter of taste (and FF extensions)...

(RichardK said @ #4)
LOL, Secunia and Security in the same sentence... priceless!

Care to share the rationale of your sarcasm?

(cork1958 said @ #3)
Definitely NOT a reason to migrate to Firefox. It EASILY has as many flaws, if not more than IE now a days!!

Care to share your source?

Ohes noes, Firefox has one unpatched vulnerability. Gee I WONDER HOW MANY IE HAS! Hmmmmmmmmmm.....
Straight from Secunia.com:

Product IE7
Vendor Microsoft

Affected By 29 Secunia advisories

Unpatched 34% (10 of 29 Secunia advisories)

Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical


Next time you want to prove that Firefox is all "vulnerable" and has "problems", you might want to consider out the buttload of problems IE has before you post.
You know, just to get some perspective. And not scew things totaly one way.

This isn't Fox News, you know. If you pull that sort of crap around here, people are going to point out the gaping hole in your logic. Because they can. And because it's a hole. That gapes.
Now look sad and say "Duh'oh!"

(Airlink said @ #3.3)
Ohes noes, Firefox has one unpatched vulnerability. Gee I WONDER HOW MANY IE HAS! Hmmmmmmmmmm.....
Straight from Secunia.com:

Product IE7
Vendor Microsoft
Affected By 29 Secunia advisories
Unpatched 34% (10 of 29 Secunia advisories)

...

This isn't Fox News, you know. If you pull that sort of crap around here, people are going to point out the gaping hole in your logic. Because they can. And because it's a hole. That gapes.
Now look sad and say "Duh'oh!"

Are you talking to me? Because if you are, you are about to look pretty dumb.

Firefox 2.x (you know, the version with a comparable history, as it would be grossly disingenuous to compare Firefox 3 to anything) should be the one used to compare, unless you are deliberately comparing a fresh release to avoid the truth. It has a significant and comparable number of vulnerabilities, with the current most severe one rated at "Highly critical", which is the second-worst value they apply. IE7's rating is only "Moderately critical", which is the middle rating, less severe than Firefox.

I know this isn't Fox. I just guess I expected a little more reason and comprehension from those reading my posts. For example, I posted I am a firefox user, and gave recognition to Opera for their good work. I don't like IE. I don't use IE. I use Linux and cannot use IE, so there goes your theory that I am somehow in a conspiracy to screw Firefox in IEs favor.

Goodbye.

Straight from Neowin

"Neowin.net"
Related news
Microsoft Internet Explorer 7.0 Details Be...
Three New Internet Explorer Vulnerabilities
Microsoft Internet Explorer Two Vulnerabil...
Microsoft Internet Explorer Disclosure of...
Four Microsoft Internet Explorer Multiple...
Internet Explorer Vulnerability Exploited...
Internet explorer vulnerability.

I don't think you need to be a Mensa member to figure out the pattern here.

"This vulnerability doesn't work on Opera. Another reason to migrate."

See? Just as useless of a post, but at least my suggestion doesn't cost money.

This vulnerability doesn't work on Firefox. Another reason to migrate.

This vulnerability doesn't work on Safari. Another reason to migrate.

Oh this is fun! Any more useless comments?

(markjensen said @ #1.1)
"This vulnerability doesn't work on Opera. Another reason to migrate."

See? Just as useless of a post, but at least my suggestion doesn't cost money. ;)


Correction: It doesnt work on Windows Internet Explorer.
It does on Microsoft Internet Explorer.