A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows 98 » General
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Big Flaw in IE demonstrated by this test....



 
 
Thread Tools Display Modes
  #1  
Old July 4th 04, 02:03 AM
LuckyStrike
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test....

Saw this at another MS Newsgroup, and was quite shocked.


This below is a copy/paste of that post:
From: "Cnews-ms"
Subject: Test your IE browser for serious vulnerabilty
Date: Sat, 3 Jul 2004 18:13:46 -0500

paste
If you must continue using IE please go to the site below. I am concerned
because I applied the Microsoft Fix today, rebooted and IE still failed the
test. Mozilla and Firefox passed.
see for yourself . test
http://secunia.com/multiple_browsers...bility_te st/

CR
--
http://QLiner.com
/paste
--

LuckyStrike


How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------


  #2  
Old July 4th 04, 03:34 AM
LuckyStrike
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test.... but a remedy has been found

Looking closer into the issue revealed the solution for IE6 SP-1. By
disabling "Navigate sub-frames across different domains" in the security
tab, the problem was eliminated. Did a test and it passed. :-)

Internet Explorer Frame Injection Vulnerability
http://secunia.com/advisories/11966/
--
LuckyStrike

--------------------------------------------------------------------


  #3  
Old July 4th 04, 04:32 AM
pod
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test.... but a remedy has been found

I just tried what you said on my IE6sp1 in the security
tab and after doing that I wasn't able to view posts and
certain newsgroups and forum sites.


-----Original Message-----
Looking closer into the issue revealed the solution for

IE6 SP-1. By
disabling "Navigate sub-frames across different domains"

in the security
tab, the problem was eliminated. Did a test and it

passed. :-)

Internet Explorer Frame Injection Vulnerability
http://secunia.com/advisories/11966/
--
LuckyStrike
om
----------------------------------------------------------

----------


.

  #4  
Old July 4th 04, 04:46 AM
LuckyStrike
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test.... but a remedy has been found

Which sites and what posts? Obviously this one wasn't affected. I've not
experienced any problems whatsoever. But if you feel you have some issues
with it, simply undo the change, and see if things clear up for you. I mean
it isn't like having installed an un-removable patch. Using W98SE here
*fully updated* right up through todays' Windows Critical update KB870669.
--

LuckyStrike


How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------
"pod" wrote in message
...
I just tried what you said on my IE6sp1 in the security
tab and after doing that I wasn't able to view posts and
certain newsgroups and forum sites.


-----Original Message-----
Looking closer into the issue revealed the solution for

IE6 SP-1. By
disabling "Navigate sub-frames across different domains"

in the security
tab, the problem was eliminated. Did a test and it

passed. :-)

Internet Explorer Frame Injection Vulnerability
http://secunia.com/advisories/11966/
--
LuckyStrike
om
----------------------------------------------------------

----------


.



  #5  
Old July 4th 04, 04:46 AM
Mostly Me (MM)
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test.... but a remedy hasbeen found

LuckyStrike wrote:
Looking closer into the issue revealed the solution for IE6 SP-1. By
disabling "Navigate sub-frames across different domains" in the security
tab, the problem was eliminated. Did a test and it passed. :-)

Internet Explorer Frame Injection Vulnerability
http://secunia.com/advisories/11966/


Hi LS,

Here's a more certain cu
http://www.mozilla.org/products/firefox/

mm

  #6  
Old July 4th 04, 05:07 AM
pod
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test.... but a remedy has been found

Which sites? Well this site that I'm posting from is one
example. Had to undo the change to view any posts. But
it's no biggie I was just trying it out and clearly
there's some disadvantages to disabling that feature in
the security tab. Each to their own I guess And yes
my win98se is fully updated too...

-----Original Message-----
Which sites and what posts? Obviously this one wasn't

affected. I've not
experienced any problems whatsoever. But if you feel you

have some issues
with it, simply undo the change, and see if things clear

up for you. I mean
it isn't like having installed an un-removable patch.

Using W98SE here
*fully updated* right up through todays' Windows Critical

update KB870669.
--

LuckyStrike
om

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
----------------------------------------------------------

----------
"pod" wrote in

message
...
I just tried what you said on my IE6sp1 in the security
tab and after doing that I wasn't able to view posts and
certain newsgroups and forum sites.


-----Original Message-----
Looking closer into the issue revealed the solution for

IE6 SP-1. By
disabling "Navigate sub-frames across different

domains"
in the security
tab, the problem was eliminated. Did a test and it

passed. :-)

Internet Explorer Frame Injection Vulnerability
http://secunia.com/advisories/11966/
--
LuckyStrike
om
-------------------------------------------------------

---
----------


.



.

  #7  
Old July 4th 04, 05:54 AM
LuckyStrike
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test.... but a remedy has been found

Oh, I see. You're talking about the MS Web based newsgroup site. Yeah, I'd
guess you might have to set that feature to prompt if you want to access the
posts. I guess they originate from different domains. :-) This aspect will
not bother me as far as this issue goes; I don't use the Website to access
these newsgroups, but rather prefer Outlook Express to provide that
function. You should try it...you'd like it.

I admit, I went there and tried and it is just as you've said. As to what
other negative effects may occur, I don't know. I've ventured to a multitude
of sites and strangely (or not so strangely?) the MS site is the first to
have balked. Will you say it or shall it be me? "Typical"! ;-D
--

LuckyStrike


How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------
"pod" wrote in message ...
Which sites? Well this site that I'm posting from is one
example. Had to undo the change to view any posts. But
it's no biggie I was just trying it out and clearly
there's some disadvantages to disabling that feature in
the security tab. Each to their own I guess And yes
my win98se is fully updated too...

-----Original Message-----
Which sites and what posts? Obviously this one wasn't

affected. I've not
experienced any problems whatsoever. But if you feel you

have some issues
with it, simply undo the change, and see if things clear

up for you. I mean
it isn't like having installed an un-removable patch.

Using W98SE here
*fully updated* right up through todays' Windows Critical

update KB870669.
--

LuckyStrike
om

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
----------------------------------------------------------

----------
"pod" wrote:
...
I just tried what you said on my IE6sp1 in the security
tab and after doing that I wasn't able to view posts and
certain newsgroups and forum sites.


snipped


  #8  
Old July 4th 04, 05:59 AM
LuckyStrike
external usenet poster
 
Posts: n/a
Default Big Flaw in IE demonstrated by this test.... but a remedy has been found

Perhaps you are right MM. That "simple fix" could be a hassle. If one sets
to prompt or disable as I do for a lot of things, it may be a week before
you actually can access the site, if ones' finger doesn't get totally
cramped from all the clicking for no Scripts, no ActiveX, oh ok...navigate
sub-frames, uh -oh... ISP timed-out. ;-D
"Mostly Me (MM)" wrote in message
...
LuckyStrike wrote:
Looking closer into the issue revealed the solution for IE6 SP-1. By
disabling "Navigate sub-frames across different domains" in the security
tab, the problem was eliminated. Did a test and it passed. :-)

Internet Explorer Frame Injection Vulnerability
http://secunia.com/advisories/11966/


Hi LS,

Here's a more certain cu
http://www.mozilla.org/products/firefox/

mm



 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 12:20 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.