What were some of these problems? Here are a couple of the significant ones from the past week or so. (Some of the vulnerabilities and exploits overlap, because they all take advantage of some of the IE weaknesses that US-CERT outlined.)
A number of web sites using Microsoft Internet Information Server 5.0 were infected with malicious code know as Download.Ject, or JS.Scob.Trojan, Scob, and JS.Toofeer. If you visit these infected sites while using Microsoft Internet Explorer, you may then be infected. The end users will have files called Kk32.dll and Surf.dat on their computers. This attack was being controlled by a server in Russia, that was stealing keystrokes and thus could be used to steal passwords, credit card numbers, and other sensitive information. That site was shut down, but that didn't fix the underlying vulnerability
The Internet Storm Center (ISC) says that a new Trojan program may install itself via a pop-up ad on Microsoft Internet Explorer, and then aims to steal keystrokes used to log on to nearly 50 different Internet banking sites, including Citibank, Barclays Bank and Deutsche Bank.
US-CERT says that Microsoft Internet Explorer has another security problem. In this case, it doesn't correctly check the security context of a redirected frame. This may allow an attacker to trick the browser into running a script with Local Machine Zone security, rather than in the Internet Zone security, leading to potential information theft problems.
Back at the Bugblog, there are another two years worth of bugs and security threats against IE. Maybe it all comes down to this: do you want to wait and switch after the Russian hacker has stolen your credit card numbers, or do you want to be proactive?
Article comments
1 - Phillip Winn
I don't remember what Mozilla 1.7 offers that Firefox 0.91 doesn't, but I've found Firefox to be wonderful, and have been running it for months now (since 0.7). It's also very, very fast and a small download. It's available from the Mozilla page linked to above -- it's the first link.
2 - mike hollihan
I've been using Firefox for several years now and I can't imagine going elsewhere. Firefox is the browser-only version of the Mozilla Suite. You can keep on using IE and Outlook, and also download Firefox to run alongside, for comparison.
On my computer (AMD K-6 300Mhz) I've found .9 to be noticeably faster than .7. Loads quicker, renders quicker, everything.
And tabbed browsing is DA BOMB! If you haven't tried it, it's a bit hard to explain, but once you've used it, you can't imagine web surfing any other way. I love my Firefox.
3 - Bruce Kratofil
I've got both Firefox and Thunderbird (the mail client) loaded up too.
However, if Mozilla.org still officially thinks of these as beta releases, I'm not going to recommend them yet.
For those who don't know -- the next step in Mozilla's evolution is a separate browser (Firefox) and a separate email program (Thunderbird).
4 - Phillip Winn
Gotcha. Pre-release or not, Firefox is more stable (for me) than MSIE itself. I know of only one website that doesn't work with Firefox, and I can right-click and launch the page in MSIE if I need to.
5 - Bruce Kratofil
"Pre-release or not, Firefox is more stable (for me) than MSIE itself."
Maybe this is the open-source difference. A lot of Microsoft's 1.0 releases are poor quality, and probably no better than betas.
And Mozilla.org has a nice stand-alone browser, Firefox, sitting at .91, that probably would have been shoved out the door already by most companies.
6 - TDavid
Watch what ends up happening with browsers when Microsoft releases their next OS: Longhorn.
They are already saying that there will be far less dependence on traditional browsers to interact with the web. I think if Microsoft has its way Internet Explorer will be going away -- sooner rather than later.
In some ways, with RSS readers this process has already begun.
7 - Steven Lemon
Firefox is indeed a great browser, but how can ANY ONE say that Mozilla (1.?) offers nothing that firefox doesn't.
Ever hear of FILE EDITING? I use Mozilla (other than Firefox) to edit web pages and it's great. Firefox is just a better version of Explorer, but Mozilla has the same things as Firefox, with file editing included extra.
I will grant that Firefox is better than 1.7 if brwosing is all you do, but for us who need to do more, Firefox can't touch Mozilla 1.7