Exploits a plenty – IE / Excel (Firefox?)



There are a number of vulnerabilities that are currently unpatched, but have working publicly known exploits for Excel (*2) and Internet Explorer (2 vulnerabilities here as well.) Proof of Concept code has been released for both the Excel and Internet Explorer vulnerabilities. This means, with the code publicly available, it won’t be long before it’s bundled into other malware delivery structures…. You might look at alternative browsers, BUT…. be forewarned that one of these vulnerabilities appears to work on a fully patched install of Mozilla-Firefox. (According to Sans – the Secunia code doesn’t – but the full disclosure exploit code does affect Firefox.) I’ve seen word of early 1.5.0.5 builds being available – I wonder if that will be modified to fix this issue?


The Excel flaws have been talked about for a while, code is now available which ratchets up the concern around those. For web browsing – it might be worthwhile to consider browsers other than IE unless absolutely necessary. Yes, firefox is affected by one of these, but time to patch has typically been shorter for browsers OTHER than IE.

Avoid clicking links in unexpected emails/attachments in unexpected emails. It’s all a matter of trust….

For IE users – you might protect yourself by running as a limited user or one of the various programs that will let IE drop priviliges. Sandboxie.com might be one possibility for you.

–UPDATE — 6/30/06 –

It appears that Firefox IS NOT VULNERABLE to the above vulnerabilities. According to SANS there had been some initial concern that one of these vulnerability exploits also worked with Firefox. Further investigation has turned that out to be false. There’s also a brief comment at a mozillazine.org weblog on the issue (referring to the SANS post.)

Related Posts

Blog Traffic Exchange Related Posts
  • Ebay "sell your item" upgrade leaves linux behind? Ebay is apparently aware of some problems with their new "Sell your item" tool and linux web browsers. The linux.com article above says that they tried with several browsers windows/linux/mac and the common denominator was linux. Even firefox on linux failed where firefox on windows worked (and the user agent......
  • The "secure software" dilemma It's quite a dilemma when a software product is billed as more secure than another.... several days back when Mozilla Firefox released v. 1.5.0.4 which fixed a number of security issues, I saw someone comment "I thought firefox was supposed to be secure." I think there's a misunderstanding when it......
  • Microsoft November 2005 patch day That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited.... Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the......
Blog Traffic Exchange Related Websites
  • How to Install Window Boxes Window boxes add charm to any home and they are so easy to install that anyone can do it. You're going to need to get a few things together before you get started. Your tools will include: window box brackets a level that is longer than the window box you......
  • Apple claims Safari 4 to be the Fastest Browser Safari 4 is World's fastest browser: Apple When compared to other browsers, Apple boasts that Safari 4’s JavaScript is up to eight times faster than IE 8 and more than four times faster than Firefox 3; and Safari 4 loads HTML web pages more than three times faster than IE......
  • What Kind Of Software Runs Successfully On A VPS Host? Nowadays, the VPS or the virtual server provider is being provided by various webhosting companies. This kind of hosting is being offered as a more preferred choice than the typical shared server innovations. Moreover, this is more economical than the dedicated server. The UK VPS host includes special mail sending......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site