dammIT

A rantbox

Thu 13 October 2005

IE6, Netscape and Firefox vulnerabilities

Posted by Michiel Scholten in posts   

They all have several flaws, as can even be heard in the national news from time to time. Compare them here [IE6] [advisories of 2005], here [Netscape 8.x] [advisories of 2005] and here for Mozilla Firefox [advisories of 2005]. Look closely. No one is flawless, but Microsoft has a bug in IE6 that's over 2.5 years old. The series of bugs that enables malicious sites to let IE6 download a file encoded in an html file, save it to harddisk [even in your windows dir, overwriting notepad.exe or whatever if you want], and silently execute it, all without showing the user one sign of the activity, safe for the [ever blinking, especially in windows] hdd led on your pc. One hell of a good way to install a trojan horse with keylogging capabilities and whatever modern horses have nowadays. The amount of serious flaws that enables people to get total access to your pc continues to amaze me.

You also see that quite a lot Firefox's vulnerabilies wheren't even that severe, or restricted to a certain situation. Netscape 8.x continues to be a weird piece of software; based on Firefox, but having security flaws the size of IE6's. Ah, wasn't IE6's engine an option to be used in Netscape 8 besides the Gecko one?

Comments