Well now, I guess today is not a day of raining, but of a whole cyclone.

Don’t ignore this one. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2, and Internet Explorer 6.0 and Microsoft Windows 2000 SP4.

Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to certain objects not being initialized correctly when the “window()” function is used in conjunction with the “<body onload>” event. This can be exploited to execute arbitrary code on a vulnerable browser via some specially crafted JavaScript code called directly when a site has been loaded.

Example:
<body onload="window();">

Successful exploitation requires that the user is e.g. tricked into visiting a malicious website.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2, and Internet Explorer 6.0 and Microsoft Windows 2000 SP4.

Secunia – Advisories – Microsoft Internet Explorer “window()” Arbitrary Code Execution Vulnerability
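For anyone filtering or reviewing page content while IE 6 is still in use, here is a static check for the pattern the advisory describes. It is an added example, not part of the advisory or the original post; the names `scan` and `OnloadWindowCallFinder` and the sample inputs are made up for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic: the identifier `window` invoked as a function, e.g. window() or
# window ( ). The lookbehind keeps names such as openwindow() from matching,
# and requiring "(" keeps ordinary property access (window.focus()) out.
WINDOW_CALL = re.compile(r"(?<![\w$])window\s*\(")


class OnloadWindowCallFinder(HTMLParser):
    """Collects <body onload=...> handlers that call window()."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []  # list of (line number, handler text)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes
        # character references in attribute values, so <BODY onLoad=...>
        # and window&#40;&#41; are normalised before the check below.
        if tag != "body":
            return
        for name, value in attrs:
            if name == "onload" and value and WINDOW_CALL.search(value):
                self.hits.append((self.getpos()[0], value))


def scan(html_text):
    """Return [(line, handler), ...] for suspicious body onload handlers."""
    finder = OnloadWindowCallFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    # Constructed sample pages, not taken from any real site.
    samples = {
        "advisory pattern": '<html><BODY onLoad="window();"></BODY></html>',
        "entity-encoded": '<body onload="window&#40;&#41;">',
        "benign handler": '<body onload="window.focus()">',
    }
    for label, page in samples.items():
        print(label, "->", scan(page) or "clean")
```

This only inspects the `<body onload>` attribute shown in the advisory and does not evaluate script, so treat a clean result as "pattern not present", not "page is safe".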

Have I mentioned Firefox yet today? No?

Never in the history of Firefox has there been a bug that any legitimate security organisation has labelled as “Extremely Critical”. It is a rare event that anything gets this kind of treatment. However, you should most definitely be switching right about now if you haven’t already.

Upgrade to Firefox 1.5!

(That’s a free one. It’s only the Google ads I get coins from)