View Full Version : Mozilla Feeds on Rival's Woes

Jul 2, 2004, 09:23 AM
Category: News and Press Releases
Link: Mozilla Feeds on Rival\'s Woes (http://www.macbytes.com/link.php?sid=20040702102357)
Posted on MacBytes.com (http://www.macbytes.com)

Approved by Mudbug

Jul 2, 2004, 10:04 AM
Gary Schare claims that the CERT advisory is being misinterpreted in that many sources reporting the IE vulnerability advise users to stop using IE.

Directly from the CERT advisory (Vulnerability Note VU#323070 Outlook Express MHTML protocol handler does not properly validate location of alternate data)

Excerpt from Section III - Solution:
Use a different web browser

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). It is possible for a different browser on a Windows system to invoke IE to handle MHTML protocol URLs

It seems to me that they feel it would be prudent to totally remove IE from your system...

I'm not sure how Mr. Schare feels that this is misinterpreted, seems like he is just putting the MS spin on it and hoping no one actually takes the time to read the CERT advisory.

Entire advisory available at: http://www.kb.cert.org/vuls/id/323070

Jul 2, 2004, 03:55 PM
While I would certainly recommend removing IE from any Macs, (the one-two punch of Safari and FireFox is more than adequate). You cannot remove it from Windows, as folder browsing runs on the same tech. (As does Windows Update, which is important)

That being said, using IE on any platform to browse the web is insane.

Jul 2, 2004, 04:09 PM
I was led to believe that Mac IE is not subject to these problems.