Here are some of the most significant bugs from the past week in the BugBlog:
Microsoft Internet Explorer 7 can no longer be considered beta software — so it's time for the BugBlog to start taking a look. The good news is that IE 7 imposes a lot more security on ActiveX controls. That's good — although it was Microsoft who foisted ActiveX on us in the first place. This review of IE 7 at eWeek talks about the increased security, which is a definite bug fix.
The first bug in Microsoft Internet Explorer 7 is being discussed. It is a problem in redirection handling with the "mhtml:" URI handler. However, according to the Internet Storm Center, this bug is actually something left over from IE 6. It appears that for compatibility reasons, Microsoft included an older MSXML ActiveX component that had this bug. You can read the full analysis.
Opera 9 has a heap overflow bug that may cause the browser to crash when it tries to handle a very large link. Opera says they have fixed this in Opera 9.02, and that the impact of the bug is a denial of service attack. They also credit iDefense for finding this bug. According to iDefense, the size of the link only has to top 256 characters, and it can be hidden in an iframe. They also say that attackers can use the bug to run their own code on your computer.