Firefox Won’t Save You from IE Flaws
Thursday, September 20th, 2007
Running Firefox or Opera as a default browser won’t save you from unpatched Internet Explorer vulnerabilities—a fact made explicit when a researcher showed how easy it is to put HTML inside files supported by Windows Media Player.
Researcher Petko D. Petkov said in a Sept. 18 blog posting that he’s found that a fully patched Windows XP Service Pack 2 system running Internet Explorer 6 or 7 along with Windows Media Player 9—the default, although the media player is now up to Version 11—will open any page of an attacker’s choice even if the default browser is not Internet Explorer.
The broader implication is that even users who think they’re safe because they don’t run IE are exposed to any IE vulnerabilities out there, Petkov said. This is true not only for Windows Media Player users but also for those who run Skype, GTalk and AIM, given that those applications all use IE for rendering incoming and outgoing messages, he told eWEEK in an e-mail.