Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

US-CERT recommend to switch to an alternative browser

[es] :: Advocacy :: US-CERT recommend to switch to an alternative browser

[ Pregleda: 2115 | Odgovora: 1 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

dinke
Dragan Dinić
General Manager / Lampix.net
Beograd

Član broj: 933
Poruke: 1008
*.nat-pool.kg.sbb.co.yu.

Sajt: www.dinke.net


+2 Profil

icon US-CERT recommend to switch to an alternative browser31.01.2005. u 13:25 - pre 233 meseci
http://www.kb.cert.org/vuls/id/713878

Citat:
Vulnerability Note VU#713878
Microsoft Internet Explorer does not properly validate source of redirected frame
Overview
Microsoft Internet Explorer (IE) does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE.

...
Citat:
Use a different web browser

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML).

 
Odgovor na temu

Sundance

Član broj: 7510
Poruke: 2559
*.sava.sczg.hr.



Profil

icon Re: US-CERT recommend to switch to an alternative browser31.01.2005. u 16:28 - pre 233 meseci
Koliko vidim dinke, to je samo jedna od stavki pod Solutions sekcijom.

Budi fer i citiraj ih sve:

- Apply a patch

- Disable Active scripting and ActiveX

- Apply the Outlook Email Security Update

- Read and send email in plain text format

- Maintain updated anti-virus software

- Do not follow unsolicited links

- Use a different web browser

Korištenje drugog bowsera je samo jedno od mogućih rješenja ovoga problema, a nikako eksplicitna preporuka cijelog ovog članka.

Nađi cijeli članak u kojem US-CERT govori da se ne treba koristiti IE pa ćemo pričat.
 
Odgovor na temu

[es] :: Advocacy :: US-CERT recommend to switch to an alternative browser

[ Pregleda: 2115 | Odgovora: 1 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.