Four Zero Days Disclosed in Internet Explorer

[Chiefcrowe]

https://threatpost.com/four-zero-days-disclosed-in-internet-explorer/113911

I wonder if the new edge browser will have fewer vulnerabilities that are patched per month compared to IE?

 

[smakme7757]

https://threatpost.com/four-zero-days-disclosed-in-internet-explorer/113911

I wonder if the new edge browser will have fewer vulnerabilities that are patched per month compared to IE?

Edge is supposed to be built from the ground up. So it will have bugs as it's new software. Just not bugs that have been lingering in the code for a decade.

Additionally Microsoft (and everyone else) is a lot more security minded these day which should make Edge a much better piece of Software than IE ever was.

 

[Elixer]

People still use IE?

 

[John Connor]

Got rid of IE back in 2004 and never looked backed. The only thing it was good for was downloading Mozilla at the time. Then I went Firefox. Now that Firefox is a suckfest with UI and crap I went Pale Moon. Also have Cyberfox installed.

 

[TheRyuu]

Edge is supposed to be built from the ground up. So it will have bugs as it's new software. Just not bugs that have been lingering in the code for a decade.

Additionally Microsoft (and everyone else) is a lot more security minded these day which should make Edge a much better piece of Software than IE ever was.

One can hope.

It'll have to be good to displace Chrome which is the gold standard for a secure browser currently. Firefox is pretty shit for security and IE doesn't really have extensions so if you want a secure browser you're really only left with one choice currently.

 

[smakme7757]

One can hope.

It'll have to be good to displace Chrome which is the gold standard for a secure browser currently. Firefox is pretty shit for security and IE doesn't really have extensions so if you want a secure browser you're really only left with one choice currently.

I don't really think Firefox is any less secure than Chrome. What makes you day that?

 

[VirtualLarry]

I don't really think Firefox is any less secure than Chrome. What makes you day that?

Lack of Sandboxing, or using Protected Mode in Windows? Firefox doesn't have the defense-in-depth that other browsers do.

 

[smakme7757]

Lack of Sandboxing, or using Protected Mode in Windows? Firefox doesn't have the defense-in-depth that other browsers do.

I read this after reading your post.

http://mobile.extremetech.com/lates...to-four-zero-day-exploits-at-pwn2own?origref=

Among other links. Seems like Firefox is lagging behind the others the last few years.

Not so keen on Chrome though.

 

[mikeymikec]

I've heard "built from the ground up" from MS a few times not to readily believe it the next time they say it.

 

[smakme7757]

I've heard "built from the ground up" from MS a few times not to readily believe it the next time they say it.

IE has really been limping along with all it's legacy code and ageless exploits. The world has cfanged sincr it was designed ans Microsoft has lost a tremendous amount of market share to Chrome and Firefox. It is in their best interest to build a new and fresh IE not held back by legacy support and old code and vulnerabilities.

So when they say "ground up" I'm more inclined to believe it.

If they fail to deliver or worse yet - lie, it will be the nail in the coffin for IE and Microsofts tracking revenue.

 

[mikeymikec]

If they give details such as abandoning Trident and using an existing rendering engine, then maybe I'll believe it, but I wonder how much of Opera had to be rewritten when they changed rendering engines at v12.

 

[Pantlegz]

People still use IE?

I didn't read the exploits to know if this applies but you don't always have to be running the software for it to be exploited, sometimes simply having it installed is enough and uninstalling IE isn't exactly easy.

 

[cabri]

People still use IE?

Businesses also - I have a client that utilizes IE8 for interfacing with Oracle/Accounting work.

 

[mikeymikec]

I didn't read the exploits to know if this applies but you don't always have to be running the software for it to be exploited, sometimes simply having it installed is enough and uninstalling IE isn't exactly easy.

Many apps use IE's rendering engine to show web page content.

 

[John Connor]

My first experience with IE 11!

Went to Sams Club and decided to load my forum and the varios tablets and crap they had to see how it would render since I don't have one of those finger poking tablets. To my surprise my site played nice with a tablet. But when I used a Windows 8 netbook with IE 11 the bloody browser said my SSL Cert was invalid! Said it had a problem with the date yet the damn date said right there in the browser the Cert. expired in Dec of 2015!.

Chrome worked on the tablet! LMAO!

What a waist of cockroach poop!

 

[KeithP]

HP’s Zero Day Initiative has released four new zero days in Internet Explorer Mobile that can lead to remote code execution on Windows Phones.

The four vulnerabilities originally were reported to Microsoft as affecting IE on the desktop, and later on it was discovered that they also affected IE Mobile on Windows Phones. Microsoft has patched all of the vulnerabilities in the desktop version of the browser, but the bugs remain open on IE Mobile. ZDI’s original advisories on these flaws said that they were zero days on Internet Explorer, as well. The company updated the advisories late Thursday to reflect the fact that the bugs only affect IE Mobile.

It seems like the discussion here is focused on the desktop browser but the story is about the mobile version on Windows Phone.

-KeithP

 

[Chiefcrowe]

Good catch! I though they affected the desktop as well, but it's good to see that they've been fixed already for that.