Here we go again - IE users warned to disable JavaScript

http://www.webuser.co.uk/news/top-stories/431941/ie-users-warned-to-disable-javascript

If you use version 6 or 7 of Microsoft's Internet Explorer browser you should disable the JavaScript function immediately.

Security experts have warned anyone using Internet Explorer 6 or 7 on a Windows XP or Windows Vista PC to take immediate steps to ensure their security.

This is because an exploit for a previously unknown flaw in the browser has been spotted in circulation.

The flaw could enable a hacker to take over a computer if a surfer visited a compromised website using a vulnerable version of the IE browser.

Proof-of-concept code is already circulating on the web, with more exploit code likely to be on the way.

Browser help and advice

Security firm Symantec advised surfers to disable JavaScript in IE and to ensure their anti-virus definitions were up to date.

"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into sites, infecting potential visitors," Symantec said in a statement.

You can disable JavaScript in IE7 by going to Tools, Internet Options, click on the Security tab and then click on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.

In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.

Other versions of Internet Explorer and Windows could also be affected, Symantec warned.

Microsoft has not yet commented on the vulnerability.

 

Microsoft Security Advisory 977981 Released

 

Good luck with that!

Firefox flaws account for 44% of all browser bugs

 

It may be, but one of the most important difference between IE and Mozilla, regarding security issues, is the fact, that if any flaw is discovered in Mozilla product, a patch is usually issued in matters of hours; in case of IE, usually, you have to wait until "updates Tuesday ". Sometimes, IE security holes remain un-patched for months.

 

Please realize that both IE and Firefox have unpatched vulnerabilities.

• Firefox 2.0.x: 10% (3 of 29 Secunia advisories)
• Firefox 3.0.x: 0% (0 of 21 Secunia advisories)
• Firefox 3.5.x: 0% (0 of 5 Secunia advisories)

• Internet Explorer 6.x: 17% (24 of 143 Secunia advisories)
• Internet Explorer 7.x: 27% (11 of 41 Secunia advisories)
• Internet Explorer 8.x: 50% (3 of 6 Secunia advisories)

Yes, Firefox record is better, but nobody is perfect. Also to note is that Microsoft's IE 6 & 7 "most severe unpatched Secunia advisory" is rated as "Highly critical ", while IE8's "most severe unpatched Secunia advisory" is rated "Less critical ".

Another reason to have at least IE8 on your system.

In Firefox the "most severe unpatched Secunia advisory" is rated "Less critical ".

Disclaimer: I use both IE8 and Firefox 3.5.x a lot of times simultaneously (I have dual monitors... each browser has its own).

 

I definitely agree on IE8 better security level.

BTW, I don't see anything unpatched for FF, except for ver. 2.0, which is rather outdated version.