Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [Ring-of-Fire] IE is just as safe as FireFox
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 13 Nov 2004 11:48:41 -0600

On Fri, 2004-11-12 at 09:41, Eric McCarty wrote:
[...] IE is just
as secure as Firefox. Why?, because we don't click on fake citibank
adds, 

It is my understanding that some flaws, for example the recent IFRAME
overflow issue, do not require a user to click on anything. Am I
mistaken?

[...] Don't sleep with hookers if you don't want AIDS, it's as simple as that.

I agree. But I'd say that IE *is* the hooker.  :)

In all fairness, though, pretty much all the other browsers are
whor^H^H^H^H faulty too. (As Michal Zalewski has shown recently)

The difference between them and IE is that they require a patch for the
browser application, whereas IE often requires fixes that reach far
deeper into the system (thanks to tight integration into the OS). And
that means that sometimes IE fixes and OS fixes step on each others toes
(erm, DLLs?) and creating conflicts or even invalidate each other.
Wasn't there a recent IE flaw that was fixed long ago and then surfaced
again? How did that happen?

The browser-wars are over, and they all lost. The question is how much
impact a faulty browser has on the remainder of the system. The question
that we should be asking ourselves is not "Is IE as safe as Firefox" but
"Does a faulty IE have a larger impact on the system than a faulty
Firefox".

Regards,
Frank

--
* It is easier to fix simple systems than it is to fix complex systems.
* Fixes should modify core components. They should not be bolted onto
core components.

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]