Security firm warns of new Internet Explorer flaw, advises ‘use a different browser’

“Internet security research group Secunia issued a warning Wednesday about a security vulnerability it says it has discovered within Microsoft’s Internet Explorer Web browser. The flaw, which Secunia has ranked as ‘moderately critical,’ is found within Internet Explorer versions 5.01, 5.5, and 6, Secunia says in an advisory,” George V. Hulme reports for InformationWeek.

“Internet Explorer doesn’t block malicious Web sites from inserting ‘arbitrary content’ in an arbitrary frame in a browser window, the Danish security firm says. Secunia says the malicious content will appear as if it originated from a trusted site, which is an attack commonly known as spoofing,” Hulme reports.

“Secunia says it has verified the flaw in ‘a fully patched Internet Explorer 6 running on Microsoft Windows XP’ and that other versions of Internet Explorer could also be affected by this vulnerability. Secunia’s only advice is that Internet Explorer users not visit untrusted Web sites or select a different browser,” Hulme reports.

Full article here.

MacDailyNews Take: If you’re a Mac user still slogging along with Microsoft’s Internet Explorer (and our stats tell us there are still some of you out there), are you crazy? Please get with the program. It’s called Safari, it’s from Apple, and you can download it for free.

Requirements for Safari 1.2:
– Mac OS X 10.3 or later
– Any Macintosh computer

-Requirements for Safari 1.0:
– Mac OS X 10.2 or later
– Any Macintosh computer

More information and download link for Safari here.

MacDailyNews Note: You can use the Safari Debug Menu* to set Safari’s User Agent to one of many different browser choices if you need to access sites that are “blocking” Safari. Set your User Agent to “Windows MSIE 6.0” and you’ll be amazed at how many of these misguided sites will work with Safari.

*To turn on Safari’s Debug Menu, Quit Safari, launch Terminal and type:
defaults write com.apple.Safari IncludeDebugMenu 1
Launch Safari and the Debug Menu will be active.

To turn off Safari’s Debug Menu, Quit Safari, launch Terminal and type:
defaults write com.apple.Safari IncludeDebugMenu 0
Launch Safari and the Debug Menu will be inactive.

41 Comments

  1. Wait a minute MS says I need to use MSIE. Many sites use sniffers that will block you if you use a different browser.

    What is the average user to do….

    All I want to do is check my hotmail….

    ?

  2. > and our stats tell us there are still some of you out there

    Lies, damn lies, and masquerading browsers. Anyone really using Explorer deserves what they get — microchit.

  3. So…
    Since Microsoft has stopped development of ALL non-Windows browsers (not just Mac browsers) is Microsoft going to issue patches for all versions or just the Windows versions?

  4. My bank asks me to use MSIE 6.0 or Netscape 7.1 and indicates that Safari is not supported. What else can I do other than use Netscape 7.1? Not even the debug menu change to UserAgent to Netscape 7.0, because it does not work.

    This is, I think, because my bank is using some technology to develop the security site that only supports MSIE (from micros*it) and even with Netscape it does not work well.

  5. rick
    change your bank. I did.
    our airplane company accepts only msie so I changed airplane company.
    it is that easy. in this world if company does idiotic things you say no to them. it is that easy. You have to let them know that you are not happy with their service and they can keep it.

  6. time for the US Consumer Product Safety Commission to issue a recall of all PC’s running Microsoft System Software until this is fixed. If any other device had this many defects, they would not be allowed to sell the product in the US .

  7. rick, this is someting that I come across all the time. I use Safari primarily, but have Mozilla 1.7 installed as a secondary. I asked the webmasters of one website why Netscape 7.1 and above was allowed when Mozilla 1.4 and above wasn’t, when they are the same program. The answer was that they were looking into it, but three months later Mozilla is still being blocked. Stupid Microsoft brainwashed NetAdmins are to blame.

  8. Some one here posted using a browser that was supposedly faster than Safari….I wanna say it was a Japanese developed browser….anyone rememeber what it was?

  9. I am impressed. A security vulnerability this big, coupled with verifiable successful attacks against the IE-Windows users using websites is ranked as “moderately critical”. Riiiight… I trust Secunia very much, especially after their report about OS X’s supposedly bad security problems.

  10. Firefox is streets ahead of Safari. I don’t know whether it’s a common problem or something unique to my machine, but Safari doesn’t render apple.com properly on my box! Keep meaning to get around to a Safari reset and use that again, but I’d really miss find-as-you-type and some of the other cool things.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.