
Simon Willison’s Weblog

Remind me why people still use IE

The Register: IE 6 SP1 omits fixes for 20 outstanding flaws:

Because of the way frames (and iframes) are handled by IE version 5.5 and above, attackers are able to get to all sorts of mischief with minimal effort, including:

  • Read local files from the victim’s hard drive, using a default local resource (ironically dubbed “PrivacyPolicy”) that contains frames in IE
  • Execute arbitrary programs on the victim’s computer, using the woefully misnamed “PrivacyPolicy” resource
  • Read a victim’s cookie and content from any remote site that contains a frame, which can lead to session-stealing and account compromise on sites containing frames—such as Hotmail
  • Forge the content of any site that contains a frame. For example, the attacker could show the user a fake login screen at hotmail.com and log the results to a database

Luckily, an upgrade is available which provides immunity to all of the above vulnerabilities (sorry, I just couldn’t resist that particular dig ;) ).

This is Remind me why people still use IE by Simon Willison, posted on 11th September 2002.


5 comments

  1. aasdfmasifasfljasf

    milad - 5th November 2003 16:10 - #

  2. hi

    veris - 25th November 2003 16:45 - #

  3. Most probably people don't give a shit to Microsoft bashers. Nobody really cares about those lies. People either don't care about them or that they know that they are lying in most of the cases. If you are so sure that you are right and build a company that promotes anti-Microsoft stuff and try to make a living on that company. Then you will see what it means to face the real challenges in the real world. You may try the trick of using the "web standards" words again and again, and you may also try to spread FUD against Microsoft by claiming that they are going to drop support for the web etc... and you will see that you are going to go bankrupt quickly, cause it is easy to talk and so you will have lots of competitors who do the same thing and they are going to compete for the niche market. But if you can convince that people are going to save money, be better off by following you then I would say you are not bullshitting here.

    Serge - 29th January 2004 21:26 - #

  4. ...............

    Hazem - 14th April 2004 12:46 - #

  5. Hi there, I have just downloaded the latest XP update on my system and now when I try to open my hotmail account I get a blank white page and a note at the bottom saying 'done'. WHYYYYYY???? Please tell me how to fix it as it is really pissing me off! Thanks

    Macc - 8th January 2006 01:56 - #

Comments are closed.

Previously hosted at http://simon.incutio.com/archive/2002/09/11/remindMeWhyPeopleStillUseIE
