[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"
From:       Georgi Guninski <guninski () guninski ! com>
Date:       2004-06-30 9:46:13
Message-ID: 20040630094613.GA2670 () sivokote ! iziade ! m$
[Download RAW message or body]

since CERT are "federally funded" does their advise mean it is "un-American"
to use internet explorer?

georgi

On Tue, Jun 29, 2004 at 09:25:32AM -0500, Edge, Ronald D wrote:
> Even CERT has issued an advisory that is really quite amazing in its
> bluntness:
> 	http://www.kb.cert.org/vuls/id/713878
> which was last updated June 25, 2004 in the wake of the download.ject
> attack by what appears to have been Russian criminal gangs out of a web
> site now shut down in Russia.
> 
> "Use a different web browser"
> "There are a number of significant vulnerabilities in technologies
> relating to the IE domain/zone security model, the DHTML object model,
> MIME type determination, and ActiveX. It is possible to reduce exposure
> to these vulnerabilities by using a different web browser, especially
> when browsing untrusted sites. Such a decision may, however, reduce the
> functionality of sites that require IE-specific features such as DHTML,
> VBScript, and ActiveX. Note that using a different web browser will not
> remove IE from a Windows system, and other programs may invoke IE, the
> WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). "
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]