Researchers Already Scouring IE 7.0 For Holes
Less than 24 hours after IE 7.0 Beta 2 Preview was released to the public a security hole was discovered.
January 31, 2006
As soon as Microsoft released IE 7.0 Beta 2 Preview researchers went to work looking for security holes, and Tom Ferris found one.
"I saw that Microsoft released IE 7.0 Beta 2 to the public today. So, I figured I would give it a quick look at and I just happened to find something within the first 15 minutes into testing," Ferris wrote.
According to Ferris, IE 7.0 incorrectly parses "BGSOUND SRC" tags, which allowed him to easily craft a special HTML file that crashes the browser. Ferris said he notified Microsoft of the problem. He also published complete details of the vulnerability, writing tongue-in-cheek, "[Why] release an advisory on a beta product? Well, why not?" Ferris went on in the same tone to suggest that a workaround for the problem is to use Firefox.
Bugs in beta software are not uncommon and Microsoft will undoubtedly fix the problem before the browser is offically released. In the meantime let's hope that the company more thoroughly checks the browser for potential weak points.
About the Author
You May Also Like