 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
IE 7 bug reopens debate over patch responsibilities
Published October 15th, 2007 in Browser Security, Internet Explorer, Internet Explorer 7
Security researchers are again arguing over who is responsible — Microsoft or third-party developers — for protocol-handling bugs after a researcher said late last week that Internet Explorer 7 can be used to trick users into launching malware.
Posting to the Full Disclosure mailing list, Juergen Schmidt, a researcher at Heise Security, blamed IE 7 for passing invalid Uniform Resource Identifiers (URI) to Windows XP. Specifically, said Schmidt, IE 7 accepts URLs from other applications that include the "%" [percent] character, which can launch software or scripts on users’ machines if they click on a malformed link. ARNnet - IE 7 bug reopens debate over patch responsibilities
