Security firm warns of new Internet Explorer flaw, advises ‘use a different browser’

“Internet security research group Secunia issued a warning Wednesday about a security vulnerability it says it has discovered within Microsoft’s Internet Explorer Web browser. The flaw, which Secunia has ranked as ‘moderately critical,’ is found within Internet Explorer versions 5.01, 5.5, and 6, Secunia says in an advisory,” George V. Hulme reports for InformationWeek.

“Internet Explorer doesn’t block malicious Web sites from inserting ‘arbitrary content’ in an arbitrary frame in a browser window, the Danish security firm says. Secunia says the malicious content will appear as if it originated from a trusted site, which is an attack commonly known as spoofing,” Hulme reports.

“Secunia says it has verified the flaw in ‘a fully patched Internet Explorer 6 running on Microsoft Windows XP’ and that other versions of Internet Explorer could also be affected by this vulnerability. Secunia’s only advice is that Internet Explorer users not visit untrusted Web sites or select a different browser,” Hulme reports.

Full article here.

MacDailyNews Take: If you’re a Mac user still slogging along with Microsoft’s Internet Explorer (and our stats tell us there are still some of you out there), are you crazy? Please get with the program. It’s called Safari, it’s from Apple, and you can download it for free.

Requirements for Safari 1.2:
– Mac OS X 10.3 or later
– Any Macintosh computer

Requirements for Safari 1.0:
– Mac OS X 10.2 or later
– Any Macintosh computer

More information and download link for Safari here.

MacDailyNews Note: You can use the Safari Debug Menu* to set Safari’s User Agent to one of many different browser choices if you need to access sites that are “blocking” Safari. Set your User Agent to “Windows MSIE 6.0” and you’ll be amazed at how many of these misguided sites will work with Safari.

*To turn on Safari’s Debug Menu, Quit Safari, launch Terminal and type:
defaults write com.apple.Safari IncludeDebugMenu 1
Launch Safari and the Debug Menu will be active.

To turn off Safari’s Debug Menu, Quit Safari, launch Terminal and type:
defaults write com.apple.Safari IncludeDebugMenu 0
Launch Safari and the Debug Menu will be inactive.

41 Comments

  1. Wait a minute MS says I need to use MSIE. Many sites use sniffers that will block you if you use a different browser.

    What is the average user to do….

    All I want to do is check my hotmail….

    ?

  2. > and our stats tell us there are still some of you out there

    Lies, damn lies, and masquerading browsers. Anyone really using Explorer deserves what they get — microchit.

  3. So…
    Since Microsoft has stopped development of ALL non-Windows browsers (not just Mac browsers) is Microsoft going to issue patches for all versions or just the Windows versions?

  4. My bank asks me to use MSIE 6.0 or Netscape 7.1 and indicates that Safari is not supported. What else can I do other than use Netscape 7.1? Not even the debug menu change to UserAgent to Netscape 7.0, because it does not work.

    This is, I think, because my bank is using some technology to develop the security site that only supports MSIE (from micros*it) and even with Netscape it does not work well.

  5. rick
    change your bank. I did.
    our airplane company accepts only msie so I changed airplane company.
    it is that easy. in this world if company does idiotic things you say no to them. it is that easy. You have to let them know that you are not happy with their service and they can keep it.

  6. time for the US Consumer Product Safety Commission to issue a recall of all PCs running Microsoft System Software until this is fixed. If any other device had this many defects, they would not be allowed to sell the product in the US.

  7. rick, this is something that I come across all the time. I use Safari primarily, but have Mozilla 1.7 installed as a secondary. I asked the webmasters of one website why Netscape 7.1 and above was allowed when Mozilla 1.4 and above wasn’t, when they are the same program. The answer was that they were looking into it, but three months later Mozilla is still being blocked. Stupid Microsoft brainwashed NetAdmins are to blame.

  8. I am impressed. A security vulnerability this big, coupled with verifiable successful attacks against the IE-Windows users using websites is ranked as “moderately critical”. Riiiight… I trust Secunia very much, especially after their report about OS X’s supposedly bad security problems.

  9. Firefox is streets ahead of Safari. I don’t know whether it’s a common problem or something unique to my machine, but Safari doesn’t render apple.com properly on my box! Keep meaning to get around to a Safari reset and use that again, but I’d really miss find-as-you-type and some of the other cool things.

  10. I use Safari as my default browser and have installed Firefox to handle any sites that don’t like Safari. This has proven to be both an effective and safe combination for me. I deleted MSIE from my hard drive several months ago because I have no need for it. It’s a shame Windows users don’t have the option to do that, but that’s what they get for using Windows…

  11. Hmm, so this Windows IE issue is “moderately critical” according to Secunia, yet far more trivial issues with OS X are deemed highly critical by them?!? These guys are a piece of work…

  12. “MacDailyNews Note: You can use the Safari Debug Menu* to set Safari’s User Agent to one of many different browser choices if you need to access sites that are “blocking” Safari. Set your User Agent to “Windows MSIE 6.0” and you’ll be amazed at how many of these misguided sites will work with Safari.

    *Quit Safari, launch Terminal and type:
    defaults write com.apple.Safari IncludeDebugMenu 1
    Launch Safari and you’ll have the Debug Menu active.

    If you wish to turn it off, quit Safari, launch Terminal and type:
    defaults write com.apple.Safari IncludeDebugMenu 0
    Launch Safari and the Debug Menu will be inactive.”

    Come on MDN the whole purpose of using the mac is ease-of-use. Your solution is a pain-in-the-ass. When Safari doesn’t work…people default to IE. Maybe it’s time for some education about alternatives.

  13. giofoto,

    I think you may be referring to Shiira, a Japanese browser built for OS X (source code is available). Current version is 0.9.2.2, so it’s not quite there yet, but it has a great deal of promise. Speedwise, it seems about on par with Safari to me, although I haven’t used it extensively enough to judge. One nice feature is that when you start it up, it automatically uses your existing Safari bookmarks. It’s not as polished as Safari in my opinion, but it’s still young, and the developers deserve a great deal of credit for their achievement thus far. On the browser front, OS X really has an embarrassment of riches. “Shiira” is the Japanese word for “dolphin” by the way, the fish (dorado, mahi-mahi), not the mammal.

  14. “This is, I think, because my bank is using some technology to develop the security site that only supports MSIE (from micros*it) and even with Netscape it does not work well.” – rick

    Let me get this right. You trust a bank that “is using some technology to develop the security site that only supports MSIE“? Don’t you know that ‘security’ doesn’t belong in the same sentence with ‘Windows’ and ‘IE’? Run to your bank and plainly state to your bank why you are closing your account.

  15. Sorry, hit “Submit” instead of “Preview”. I was just going to add that the default theme is Aqua, not Brushed Metal, for all those who don’t like the “metallic-ky goodness” of Safari [apologies to As The Apple Turns]

    On a personal note, I would love to see a full-featured Cocoa browser with the revolutionary history feature of Trailblazer.

  16. Luther,

    The problem is when you update your system or safari and forget how you enabled the debug menu when it’s gone. That pisses one off. I’ll check out safari enhancer again but that seemed to cause me problems with some secure sites before.
