New Malware Causes Concern

By David Worthington | Published June 25, 2004, 1:36 AM

NetSec Inc. has detected a new vulnerability that is infecting users of Microsoft Windows with malware. By visiting a malicious website with the Internet Explorer web browser, users can become silently infected with arbitrary code that is embedded in images on web pages. Once installed, the code begins to log keystrokes and then calls home to servers which then upload even more payload onto infected systems.

The attack, called Download.Ject, exploits previously known flaws in Internet Information Services (IIS) and Internet Explorer. Preview versions of Windows XP Service Pack 2 are not affected by Download.Ject. Microsoft recommends that all customers download the latest security updates, keep virus definitions up to date and configure a firewall.

Commenting on the vulnerability, Jeremiah Grossman, an information security expert at WhiteHat Security, told BetaNews, "The presence and danger of web browser security vulnerabilities have been well-known (in both IE and NS) for years. However, the degree in which they are now being exploited is reaching alarming heights."

Grossman continued, "Microsoft's Trustworthy Computing initiative, while a step in the right direction, has yielded very little protection when it comes to browsing web pages. More needs to be done here to protect the average web user from attack. Surf the web and get a virus cannot be allowed to continue.

"At the moment, the best the industry can recommend is use an alternative to Internet Explorer, such as Firebird, Mozilla or Opera."

Comments

I am a computer repair tech and a customer hit this bugger at Kelly Blue Book web site, 74 .gif files were infected but Norton AV snagged it all.

Score: 0


Anyone have some recent resource link(s) on this that could explain the details of the vulnerability?

Score: 0


http://www.mozilla.org/products/firefox/why/
this is why i use an alternate browser ;)

edit: looks like links are disabled?

Score: 0


The only reason Internet Explorer is attacked, is that it's used by 95% of the world online population. If everyone moved to Mozilla browsers, then the virus writers and hackers would target that... The Mozilla browsers have just as many security issues, but hackers don't target them, as they are a small minority. I fear that Mozilla may be MORE open to vulnerabilities, as nobody has really tested its robustness to attack on the same scale as IE gets "tested" (tested as in real life).

Score: 0


Just like Apache is much more used as web server and yet IIS is much more insecure?

People, just do yourselves (and all others) a big favour and stop using this insecure and old browser. Move forward and start using better, modern and secure browsers like Firefox, Mozilla or Opera.

Score: 0


Agree with you all the way.

Score: 0


I don't agree. Firefox is not integrated in the OS, so despite being open to attacks like every other application connected to the Internet, it's not as dangerous as IE.

It's not about Firefox being secure, it's about IE being insecure.

Score: 0


The "if more users were using firefox, more firefox hacks would come out" argument is completely false. The reason that Firefox and other browsers are more secure is that they follow w3c standards and don't allow arbitrary code execution. Microsoft extends browsing capabilities via technology like ActiveX which allows a "slicker" user experience with compromised security by allowing arbitrary code execution. Really it's just weak, unstandardised trash that wreaks havoc on the internet, both by eliminating standards and by being horrendously vulnerable to attack. The only code execution browsers like Firefox allow is via Java, which runs inside of its own secure virtual machine. Hacking Java is extremely difficult, and were it to be compromised, it is not a Firefox problem, it's a Sun problem. Happy browsing!

Score: 0


OK, there is some real bad information in here. First of all, IE is NOT, I repeat, NOT integrated into the OS. IE is a Microsoft product. Windows is a Microsoft product. It's only natural they are paired. There isn't a person on the planet (if they are smart) that wouldn't try to promote their own products. That being said, IE, like another user pointed out, is under scrutiny because it's ubiquitous. Mozilla (and Firefox) are just as vulnerable to security holes, as IE... but because they are not as prevalent, they don't get the same press.. for these type of issues. I distinctly remember, '94 Netscape users bragged about their browser being "bulletproof" to certain attacks, then AOL users started adopting Netscape as their browser of choice, a short time later.. Netscape was forced to change their Java support, because hackers could gain control of machines (this was before DSL routers) via a backdoor in Java. IE, being VB script dominated at that time, wasn't as susceptible, and the vicious code had an adverse effect on certain versions of Netscape.. that was the beginning of the end of Netscape. You people have a very short memory for problems. I could list hundreds of examples, Linux, Sun, Unix, and other hybrids.. EVERY OS has security concerns. It's all programming preparation. There is not a complete foolproof solution. As long as people program, people make mistakes, and other people try and exploit those mistakes.

Score: 0


OK, so let me see if I have this straight.. Hacking Java is a Sun problem, not Firefox eh? So I exploit a vulnerability, and it affects EVERY browser that uses this so called W3C compliant, including FireFox. It may be difficult, but not impossible. So using your shortsighted analogy, Airport security is an Airport problem, not an Airline problem. So if you manage to breach security, and a group of terrorists gets aboard a plane, and crashes it into 2 big buildings, I suppose that wouldn't be a problem except for that one airport eh? Well that's just brilliant. They just happened to choose Boston Logan, but it could have happened anywhere, anytime. That's the point. Security is a concern for everyone. Vulnerabilities in a browser would be breached when it gets past that Virtual Machine. In theory, it should work, but like we keep saying, it HASN'T been tested for its robustness yet. 100 million users world wide use IE. Netscape, Mozilla, Firefox.. Less than 5 million. Enough said. For now, you are safe, but I wouldn't start crooning too loudly just yet, that's just the time you get hit...

...this is the biggest, most powerful....in the world. It's unsinkable (Captain, HMS Titanic)

Score: 0


Sorry RIP, slaesche makes a very good point despite your best efforts to bury it in sarcasm. Microsoft tends to set its own standards and the result has sometimes been huge holes for hackers to exploit. Further, Java does have an advantage in stability. No one has suggested that firefox or any of the other alternatives is bulletproof, only that they are smaller targets and wear a little better body armor. In the current environment those are significant advantages.

Score: 0


...this is the biggest, most powerful....in the world. It's unsinkable (business criminal, Bill Gates, Micro$oft)

Score: 0


Wrong. IE is part of Windows. Windows explorer uses IE's shell for the desktop and rest of the GUI. And many programs use IE files such as shdocvw.dll to render their HTML-based GUIs. Additionally, Microsoft classifies Internet Explorer as an OS component.

Score: 0


Use windows explorer, type a url like www.betanews.com in the address field. You will note that a webpage opens inside windows explorer.

Look at your process list in task manager, you will note that Internet Explorer is not running.

Score: 0


rijp,

I think that the main advantage that Firefox has over other browsers such as IE is that there is a smaller surface area exposed to potential vulnerabilities.

I don't think anyone would want to contend that Firefox has no vulnerabilities, and that it will never have any.

The plain fact of the matter is that IE is simply very big and interfaces to every conceivable portion of the O/S. This is evident when Microsoft releases a security patch for Internet Explorer that states:
"You need to apply this service patch even if you do not use Internet Explorer".

Score: 0


This has nothing to do with the security of it, though. All it means is that it is shipped with every version of Windows (ie, more ubiquitous).

The integration of IE does NOT affect security. IE would be EXACTLY the same, security wise, if it were a stand-alone product. Just because the OS uses IE's rendering engine does not make it less secure. It merely means that more things are using this certain product which has a vulnerability in it.

Score: 0


Not true. There have been security vulnerabilities in Internet Explorer that were able to affect users even if they didn't use it as the default browser. And IE's DLLs sit in memory. Windows Explorer uses IE's shell. If there's a security vulnerability in IE's shell, then there's a security vulnerability in Windows Explorer.

Score: 0
