Referenencing the firefox thread that was going on earlier, I ran across this article:
http://www.securityfocus.com/archive/1/378632
that concludes " It appears that the overall quality of code, and more importantly, the
amount of QA, on various browsers touted as "secure", is not up to par
with MSIE; the type of a test I performed requires no human interaction
and involves nearly no effort. Only MSIE appears to be able to
consistently handle [*] malformed input well, suggesting this is the
only program that underwent rudimentary security QA testing with a
similar fuzz utility."
FYI,
Brett
What are you smoking, Brett?
Or are you touting MSIE because you're a hijacker?
Or is Micro$soft paying you to spew FUD?
Or maybe you're just not as smart as you'd like us to believe.
http://www.securityfocus.com/archive/1/379207
"(...)although it did take a longer
while for it to give up - three hours - (impressive by comparison to
competitors), it eventually did:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
dereference, so merely a DoS condition, but still an evident flaw in
basic HTML parsing.
******************************************************************
* This means that VIRTUALLY EVERY BROWSER IN USE TODAY is unable *
* to securely render HTML. Keeping in mind that not only web *
* browsing, but also integrated e-mail is at risk, it is a grim *
* thought. *
******************************************************************
Register
