Old Browsers and security - Was Re: [thelist] Site review please

Dave Holloway daveholloway at spamcop.net
Wed Jan 28 12:28:11 CST 2004


Hassan Schroeder wrote:

> So you're going to tell someone using NS4 on Solaris that they're
> "less secure" than someone using IE-what-ever on Windows?
>
Yes.
It doesn't matter what operating system you are using. If an old browser 
has a known vulnerability, for example: a vulnerability that allows 
processes to be run on your local machine, it is open to the 
vulnerability until the browser is upgraded, regardless of OSs, 
firewalls, web proxies, and routers.

These bugs don't launch remote processes.. but they are still security 
flaws..  Newer browsers will have patches to fix them.
https://testzone.secunia.com/advisories/7605/
http://cert.uni-stuttgart.de/archive/bugtraq/2000/03/pgp00019.pgp

> OK. Yeah. [ Cue laugh track... ]

Ha.

Little Dave.




More information about the thelist mailing list