nosferatuscoffin
10-09-2004, 12:22 PM
Just one more reason to dump IE.
TITLE:
Microsoft Internet Explorer Disclosure of Sensitive XML Information
SECUNIA ADVISORY ID:
SA12765
VERIFY ADVISORY:
http://secunia.com/advisories/12765/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
DESCRIPTION:
Georgi Guninski has reported that a two year old vulnerability has
been reintroduced in Microsoft Internet Explorer and can be exploited
by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to insufficient cross-site
restrictions when handling XML documents in some situations. This can
be exploited on e.g. a malicious web site to view well-formed XML
documents on arbitrary servers in the context of a user's session.
SOLUTION:
Disable Active Scripting support.
Use another browser.
PROVIDED AND/OR DISCOVERED BY:
Originally discovered by:
GreyMagic Software
Rediscovered by:
Georgi Guninski
ORIGINAL ADVISORY:
GreyMagic Software:
http://www.greymagic.com/security/advisories/gm009-ie/
Georgi Guninski:
http://www.guninski.com/where_do_you_want_billg_to_go_today_1.html