Secunia PSI reports Internet Explorer as insecure

  • Thread starter: Herbert Eppel
This is a public newsgroup composed of your fellow Windows XP users (see
the title). If you have a question on what Secunia opines about Internet
Explorer, try the Secunia discussion forums.
 
Since there is nothing we can do about it if it is true, I've continued with
IE8 and set Windows for automatic update.

Frank
 
Herbert said:
Nevertheless, I'm still interested in finding out what fellow Windows XP
users make of the insecurity report.

As typical with many Secunia reports, there is insufficient information
for technically-expert users to determine just WHAT is the
vulnerability. They might hide the specifics so they are not seen as
proliferating the vulnerability by enabling malcontents that could then
learn how to implement the vulnerability.

XSS in IE8 isn't perfect and was deliberately designed not to be; else,
it would be far too corruptive to many web sites. That the XSS filter
was added was to improve security, not lock down tight that no XSS
functionality can be employed by a web site.

http://blogs.msdn.com/ie/archive/2008/07/01/ie8-security-part-iv-the-xss-filter.aspx
"Ultimately we have taken a very pragmatic approach – we choose to not
to build the filter in such a way that we compromise site compatibility.
Thus, the XSS Filter defends against the most common XSS attacks but it
is not, and will never be, an XSS panacea."

If you want to totally lock down a web site, use a text-only web
browser. There are a diminishing number of web sites where they display
just text so you'll lose a lot of content in the form of structure and
non-text features.
 
Thanks for your comments.

Herbert Eppel
www.HETranslation.co.uk
 