Javascript & IE

Started by Rik, Nov 23, 2009, 17:35:43

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Rik

If you use version 6 or 7 of Microsoft's Internet Explorer browser you should disable the JavaScript function immediately.

Security experts have warned anyone using Internet Explorer 6 or 7 on a Windows XP or Windows Vista PC to take immediate steps to ensure their security.

This is because an exploit for a previously unknown flaw in the browser has been spotted in circulation.

The flaw could enable a hacker to take over a computer if a surfer visited a compromised website using a vulnerable version of the IE browser.

Proof-of-concept code is already circulating on the web, with more exploit code likely to be on the way.

Security firm Symantec advised surfers to disable JavaScript in IE and to ensure their anti-virus definitions were up to date.

"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into sites, infecting potential visitors," Symantec said in a statement.

You can disable JavaScript in IE7 by going to Tools, Internet Options, click on the Security tab and then click on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.

In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.

Other versions of Internet Explorer and Windows could also be affected, Symantec warned.

Microsoft has not yet commented on the vulnerability.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

somanyholes

shame they don't have no script ;) On a more serious note turning off javascript is going to break a massive amount of sites, I can't believe they have recommended to turn it off. Web security would be so muc better if javascript didnt exist at all, it really is a big gaping hole in browser security.

Glenn

Do you have a link please Rik, I'll send it to my desktop admin team?
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

I don't, I stole it from elsewhere, So. ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Noreen

Is it the one called "Scripting of Java Applets", Rik?

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Quote from: Noreen on Nov 23, 2009, 17:47:39
Is it the one called "Scripting of Java Applets", Rik?

Possibly.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby


Baz

i dont use IE if I can help it  but for those that do and are not familiar with Javascript  how do you disable it Rik and how long to leave it disabled

Rik

QuoteYou can disable JavaScript in IE7 by going to Tools, Internet Options, click on the Security tab and then click on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.

In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.

Baz. Not sure about IE8.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Baz

opps   sorry Rik didnt read it all  :whistle: :whistle:

:)

Rik

 ;D I know the feeling Baz, I do it all day.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Baz

what do they class as a compromised website or is there far too many to mention  ;D


Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

psp83

Quote from: somanyholes on Nov 23, 2009, 17:40:34Web security would be so muc better if javascript didnt exist at all, it really is a big gaping hole in browser security.

Web security would be better if IE didnt exist!

Its not javascript thats in the wrong, its the browser not coded correctly.

somanyholes

Quote
Web security would be better if IE didnt exist!

Its not javascript thats in the wrong, its the browser not coded correctly.

xss/csrf dont care what browser your using, javascript/actionscript all lead down the same path.

Noreen

I disabled it and found that I couldn't use smilies in posts so I've reset it again.

Rik

It would do that, and affect some other forum functions too.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.


Noreen


Rik

Nice to see they're really going flat out to fix it, isn't it. ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Rik on Nov 24, 2009, 18:07:51
Nice to see they're really going flat out to fix it, isn't it. ;)
Makes Windows 7 look tempting for those with XP and Vista, Rik.
Damned, if you do damned if you don't

Rik

Makes a Mac look even more tempting. ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.