codeBase vulnerability notes

Status
Not open for further replies.
TS | Thomas

TS | Thomas

Posts: 1,318   +2
Over on Pivx Solutions they've made a post regarding the codeBase vulnerabilities in Internet Explorer, something which has been at the root of multiple vulnerabilities in the browser over the years. Here's a small portion;
Microsoft have to realize that the current tight integration of innocent browser-level functionality cannot peacefully coexist with the application-level functionality (such as executing commands & reading files) that local zones expose. The Internet Zone & Local Zones should not both be exposed through Internet Explorer. In fact, I would recommend that Local Zones should be severely crippled in the short term, & completely removed in the long term. Everything that application-level Local Zone documents & help files require can already be accomplished through the use of HTML Applications - which have already existed for years as well.
Click to expand...
Would you like to know more? It's a pretty interesting read if you're into this sorta thing. On a related note I'll have a decent update for the Internet Explorer section of our Securing Windows guide soon enough.
 
Status
Not open for further replies.

Similar threads

A
Cisco warns against a critical vulnerability in IOS XE-based network devices
Replies
4
Views
333
Athlonite
Athlonite
A
Microsoft will let Internet Explorer's empty husk live on in Windows
Replies
4
Views
437
SilentMajority
S
E
Apple ignored warnings that AirDrop had a vulnerability that China learned to exploit
2
Replies
29
Views
534
hahahanoobs
hahahanoobs

Latest posts

Back