The large number of websites I visit and some I code myself use Java driven mouse over popups to parse information from other websites. Since the last IE update these have ceased to function in IE8.
QuoteCumulative Security Update for Internet Explorer 8 for Windows Vista (KB976325)
Installation date: 10/12/2009 06:50
Installation status: Successful
Update type: Important
Security issues have been identified that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer.
More information:
http://go.microsoft.com/fwlink/?LinkId=169404
Help and Support:
http://support.microsoft.com
QuoteExecutive Summary
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; for more information about this issue, see the subsection, Frequently Asked Questions (FAQ) Related to This Security Update, in this section.
Assuming I've identified the problem correctly and assuming there's no code work around (outside of my expertise), this means the end of IE* for millions of people including myself.
After being a supporter for x number of years it's byebye IE, hello (probably) Firefox or google Chrome. As an added bonus I'll now be able to see Webkit effects. Does anyone have a recommended spellcheck plug-in for either browser?
Firefox has spellchecking by default. You just need to add the British dictionary. Tbh, there's no reason to be a supporter of IE when there are so many better browsers out there.
Showing my complete ignorance here - but if it's a a security problem then surely:
1. Microsoft should have fixed it
2. Firefox/Chrome/Opera etc. will fix it at some point if they haven't already
Or is there more than one potential issue and Microsoft have used a blanket approach and fixed everything including stuff that didn't need fixing?
Well I think the first thing to say is despite a lot of searching I can find nothing on the net about this and I'm absolutely not an authority on the subject.
If I'm correct, other browsers tend to offer a choice before displaying this type of content or in the case of Chrome, simply let it through which is what IE did until two days ago. Now, it appears IE just disables that content.
As to whether or not it is a security risk, I'd say it certainly is but it's a function for want of a better term that millions of users use everyday.
Quote from: Sebby on Dec 11, 2009, 15:28:58
Firefox has spellchecking by default. You just need to add the British dictionary. Tbh, there's no reason to be a supporter of IE when there are so many better browsers out there.
Cheers :thumb:
After over 8 hours of hitting it with a hammer, I've found it this can be overridden serverside which makes a bit of a mockery of Microsoft's security patch.
Still no Webkit support though ::)