rebron.org: Everyday Life, Work, Ironman Training

home | photos | toolbox | about me

November 5, 2005

Dept of Homeland Security says use a different web browser

Tags: mozilla.org — 12:03 am Comments (1)

US CERT, part of the Department of Homeland Security continues to recommend that users of Internet Explorer “use a different web browser”. The folks there can’t say it but we all know what they want to say and that’s use Firefox.

Here’s the vuln note: http://www.kb.cert.org/vuls/id/680526

Here’s the text:

Use a different web browser

There are a number of significant vulnerabilities in technologies involving the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML).

Someone at Microsoft had said that they didn’t gain anything when Firefox has vulnerabilities, and they go into their standard line that security is an industry problem which it is. The fact is though, they do gain, they should be checking their own code when someone finds a vulnerability in ours because chances are, they may have the same problem (I know of several cases when that was the case). But I don’t know if those guys think that way.



1 Comment »

  1. Dept Of Homeland Security Says Use A Different Browser

    Word from the authorities:…

    Trackback by Firefox — November 7, 2005 @ 11:57 pm

RSS feed for comments on this post. TrackBack URI

Leave a comment

rebron.org: Rafael Ebron's Web site