Here we go again with IE

[Paul]

From
Secunia
4 new vulnerabilities found in Internet Explorer

Quote:

1) It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.

Successful exploitation allows execution of arbitrary script code in the context of another website. This could potentially allow execution of arbitrary code in other security zones too.

2) Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".

This issue is a variant of an issue discovered by Liu Die Yu.
SA9711

http-equiv has posted a PoC (Proof of Concept), which combined with the inherently insecure Windows "shell:" functionality, can be exploited to compromise a vulnerable system.

3) It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.

4) It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows.

[Alan Waddington]

I'm fed up with all these unpatched IE security flaws. Microsoft is clearly not on top of the problem. So I've installed Mozilla 1.7.1 and the Orbit 3+1 theme.

Alan

[Paul]

Oooh theme? Linky? Please I'm running Noia 2.0 here

[Alan Waddington]

It was on the mozilla website, so isn't exactly hidden under a bushel

http://themes.mozdev.org/themes/orbit.html

[Paul]

Shame I'm running firefox and it doesn't seem to think its compatible because that theme looks nice

[Alan Waddington]

Pity, I'm intending to put firefox on my notebook, so as to patch the security on that. Do you know whether firefox is smaller & faster than mozilla, coz my notebook is old and slow.

Alan

[Paul]

4.7 mb download compared to 21mb for mozilla but its only the browser application and not an email tool too, seems to run nicely for me on my system.
http://www.mozilla.org/download.html for a comparrison of file sizes etc

[Alan Waddington]

Looks just the ticket. Going upstairs to fire up notebook.

Cheers

Alan

[Paul]

Oh and http://www.mozilla.org/products/fire...uirements.html gives the requirements for running firefox
Firefox

Quote:

Windows
Operating Systems

* Windows 98
* Windows 98SE
* Windows ME
* Windows NT 4.0
* Windows 2000
* Windows XP (Recommended)

Minimum Hardware

* Pentium 233 MHz (Recommended: Pentium 500MHz or greater)
* 64 MB RAM (Recommended: 128 MB RAM or greater)
* 52 MB hard drive space

Mozilla

Quote:

Windows
Operating Systems

* Windows 95
* Windows 98
* Windows 98SE
* Windows ME
* Windows NT 4.0
* Windows 2000
* Windows XP

Minimum Hardware

* Pentium 233 MHz
* 64 MB RAM
* 52 MB hard drive space

[Alan Waddington]

This old notebook doesn't meet the minimum spec in practically all the measures, being Win95 90MHz 40MB RAM machine, which will be ten years old next year, but both firefox 9.2 & mozilla 1.7.1 appear to work, albeit rather slowly. I only use this clunker for email & low bandwidth web, neither of which are very demanding, but suspect i might have to get a new machine sometime in the next ten years

/Edit Firefox takes about 3 times longer then IE to load a page on this machine, probably because I'm running out of physical memory - but there's not much that can be done about that - looks like IE for known safe sites & Firefox for more general browsing.

[philip.j.fry]

Quote:

Originally Posted by Alan Waddington

This old notebook doesn't meet the minimum spec in practically all the measures, being Win95 90MHz 40MB RAM machine, which will be ten years old next year, but both firefox 9.2 & mozilla 1.7.1 appear to work, albeit rather slowly. I only use this clunker for email & low bandwidth web, neither of which are very demanding, but suspect i might have to get a new machine sometime in the next ten years

If pretty graphics don't bother you, you could try Lynx which is a text based web browser. It's small and very fast, some pages can be difficult to decipher in it but it's great for quick web access. I use it on my old 486 laptop for reading online novels.