US CERT, part of the Department of Homeland Security, continues to recommend that users of Internet Explorer “use a different web browser”. The folks there can’t say it, but we all know what they want to say, and that’s to use Firefox.
Here’s the vuln note: http://www.kb.cert.org/vuls/id/680526
Here’s the text:
Use a different web browser
There are a number of significant vulnerabilities in technologies involving the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.
It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML).
Someone at Microsoft had said that they didn’t gain anything when Firefox has vulnerabilities, and they go into their standard line that security is an industry problem, which it is. The fact is, though, they do gain: they should be checking their own code when someone finds a vulnerability in ours, because chances are they may have the same problem (I know of several cases where that was the case). But I don’t know if those guys think that way.