I will not compare it to Safari, because that one has grown on me more than just somewhat, but I'll say--bugs notwithstanding--it is a pity so many people were still using IE. Consider:
- Tabbed browsing (if you are in the Linux world you take this for granted, but have you seen your windows relatives with 10 open IE windows? A mess)
- Extensions (http://update.mozilla.org/extensions/?application=firefox): This alone is worth a million switches. Too many nice toys, all of them very tiny (4-30kb typically).
- Clean rendering, fast.
- Safari-esque google window top right. (With history)
- Simplicity
A number of people I know appear to be switching, but for those who haven't, this is to recommend Firefox. Much better way to use the Internet.
On Jul 14, 2004, at 08:05, Kiggundu Mukasa wrote:
http://secunia.com/advisories/12048/
1) It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.
Successful exploitation allows execution of arbitrary script code in the context of another website. This could potentially allow execution of arbitrary code in other security zones too.
2) Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".
This issue is a variant of an issue discovered by Liu Die Yu. SA9711
http-equiv has posted a PoC (Proof of Concept), which combined with the inherently insecure Windows "shell:" functionality, can be exploited to compromise a vulnerable system.
3) It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.
4) It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows.
Successful exploitation may potentially cause users to open harmful files or do other harmful actions without knowing it.
An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.
Issues 1-4 has been confirmed on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP1.
Previous versions of Internet Explorer may also be affected.....................
**************** ***************************** Kiggundu Mukasa # Computer Network Consultancy### KYM-NET LTD. # Intranets & Internet Solutions# Plot 80 Kanjokya Street P.O. Box 24284 Kampala, Uganda Tel: +256 77 972255 +256 71 221141 Fax: +256 31 262122 *****************************************************************
----------------------------- P. A. Bagyenda Digital Solutions P.O.Box 23833 58 Bukoto Str. Kampala, UGANDA
Tel: +256-41-540143 Mob: +256-77-507743 Web: http://www.dsmagic.com -----------------------------
This email and any files transmitted with it are confidential, and may also
be legally privileged. If you are not the intended recipient, you may not
review, use, copy, or distribute this message. If you receive this email in
error, please notify the sender immediately by reply email and then delete
this email.
--------------------------------------------- This service is hosted on the Infocom network http://www.infocom.co.ug
