Internet Explorer shares Mozilla security flaw

A Word in their shell: like

By Jo Best, 13 July 2004 15:20

NEWS Mozilla, the browser that's weaning a portion of the Internet Explorer faithful away from Redmond's offerings, discovered last week that it had a security hole – not good news for a browser that's been touted by followers as a winner on security. This week, it seems the very same hole could be turning up in IE.

Secunia, which tracks software vulnerabilities and shared Mozilla's flaw with the public, has announced that IE could be equally vulnerable.

The flaw means that MSN Messenger and Word could allow malware merchants to run programs via embedded links included in Word documents or IM messages as it doesn't protect access to the "shell:" functionality.

The Mozilla Foundation has already issued a patch. Microsoft is investigating the possibility of Internet Explorer being vulnerable to the same flaw but has heard of no reported cases of the hole being used as a basis for attacks.

Comments

There are 2 comments. Join the discussion

  1. 1. Craig

    So it was never a flaw in Mozilla then was it?

    The flaw is in Windows. And, typically, it is up to third party developers to provide the fix which should have been fixed by Microsoft or better yet should never have existed in the first place.

  2. 2. Adrian midgley

    Doesn't apply to the Mozilla versions on other operating systems, I think...

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ