ISC is reporting a new type of vulnerability in web browsers that its discoverer has termed “Reverse Cross-Site Request,” or RCSR.

Basically, on a site with user-generated content—like a hosted blog—it’s possible to add a form that looks like the site’s login form. If the victim has an account on the same site, and has asked their browser to save their password, it will auto-fill the form. If the attacker can somehow trick the visitor into submitting the form—say, with an invisible image submit button (ever clicked randomly? Or to get back to the page after looking at another window?)—the attacker gets the visitor’s password.

What’s new about this is that all it requires is plain HTML, not the scripting that most blog hosts and similar sites already block.

Chapin Information Services discovered the bug in Firefox 2, and reported it to Mozilla. It turns out that Internet Explorer 6 and 7 are also vulnerable, but only if the fake form is on the same page as the real login form. Mozilla is currently trying to determine the best way of resolving the problem without breaking all the passwords people have already saved. The ISC article links to the bug report, so you can follow the discussion. Microsoft has only said that they’re “aware of the issue.”

At the moment, I’m glad I don’t let web browsers save my passwords.
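Since the attack needs nothing but a plain HTML form in user-generated content, the server-side fix for a hosted blog is to refuse form elements along with scripts. The allowlist sanitizer below is an added example, not code from the post or from any of the sites mentioned; the tag and attribute lists, the sample post and the `/fake-login` action are constructed for the illustration.

```python
from html import escape
from html.parser import HTMLParser

# Allowlist for a hosted-blog setting (an assumption for this example).
ALLOWED_TAGS = {"p", "a", "b", "i", "em", "strong", "ul", "ol", "li", "br", "img", "blockquote"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
# Anything that can collect or submit input. Plain HTML is enough for RCSR,
# so filtering <script> alone does not help; listed separately for auditing.
FORM_TAGS = {"form", "input", "button", "textarea", "select", "label", "fieldset"}
SAFE_URL_PREFIXES = ("http://", "https://", "/")


class UGCSanitizer(HTMLParser):
    def __init__(self):
        super().__init__()      # convert_charrefs=True: text arrives decoded
        self.out = []
        self.dropped = []       # removed tag names, for logging or moderation

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:         # covers every FORM_TAGS member
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                    # drops on* handlers, style, ...
            if name in ("href", "src") and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue                    # refuses javascript:, data:, ...
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))       # re-escape decoded text


def sanitize(fragment):
    """Return (clean_html, dropped_tags) for a user-submitted fragment."""
    p = UGCSanitizer()
    p.feed(fragment); p.close()
    return "".join(p.out), p.dropped


# Constructed sample: a fake login form with an image submit button, as the
# post describes, sitting inside ordinary blog markup.
SAMPLE_POST = ('<p>Welcome! <a href="http://example.com/about">About me</a></p>'
               '<form action="/fake-login" method="post"><input type="text" name="user">'
               '<input type="password" name="pass"><input type="image" src="/clear.gif"></form>'
               '<p onclick="alert(1)">Thanks for <b>reading</b>!</p>')
```

The `dropped` list is worth logging: a form element turning up in a blog post is exactly the signal a moderator would want to review.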

Microsoft is really pushing for people to make sure their websites and apps are compatible with IE7. Apparently this is a real concern for a lot of people who relied on certain proprietary features, bugs, and quirks in IE6. I guess they figured they wouldn’t have to worry about future versions. (Hmm… I wonder where they got that idea?)

The fact of the matter is, I’m not worried. I tested my personal sites and the sites I’d built for work months ago, using the IE7 betas, and more recently with RC1. I made a couple of minor changes to some stylesheets, but that was about it.

Why? I’ve been writing standards-based code for years. I validate it from time to time, and I test to make sure it works in the latest versions of Firefox, Opera and Safari as well as IE. So the code was already portable.

Plus, anything new I’ve built since January has been designed with IE7 in mind from the beginning.

Most of the changes were to workarounds for IE6: either stopping them from running on IE7 (if the bug had been fixed), or keeping them running on IE7 (if the workaround had been done using a CSS hack).

I just read an interesting post from Microsoft’s Internet Explorer team on The IE7 User-Agent String. This statement in particular illustrates a problem not unfamiliar to Opera users:

There are a few remaining sites which fail to recognize IE7 because they are performing exact string matches to look for specific IE version strings. Those checks will need to be removed or updated to accommodate IE7.

Yes, you read that correctly: there are websites out there using bad browser sniffing code which will send the wrong code to Internet Explorer 7. In fact, they go on to say that they’ve released a tool which will let IE7 pretend to be IE6!

To enable you to work around any remaining sites that block access to Internet Explorer 7, we developed the User Agent String Utility. The utility comes in the form of a small executable that opens an IE7 instance that sends the IE6 user agent string. It also provides a mechanism for you to report problem web sites to Microsoft so that we can follow up with the affected site owners.

I’ll admit to a certain amount of schadenfreude, but it also points up just how bad a strategy browser sniffing can be when done thoughtlessly: It effectively builds an expiration date into your website after which even the browser you designed it for will run into problems.
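The “expiration date” effect is easy to see side by side. This is an added example, not code from the post or from Microsoft: the user-agent strings are constructed to be representative, the “known versions” list stands in for whatever a site hard-coded when it was built, and the version-aware check is the alternative that does not break on the next release.

```python
import re

# Representative user-agent strings for the browsers the post discusses
# (constructed for this example; real strings carry extra tokens).
UA_IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
UA_IE7 = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
UA_FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0"

# The versions a site built before IE7 knew about. Anything absent from this
# list is treated as unsupported, which is the expiration date the post means.
KNOWN_IE_VERSION_STRINGS = ("MSIE 5.5", "MSIE 6.0")


def supported_by_exact_match(ua):
    """The fragile check the IE team describes: match specific version
    strings, so IE7 fails even though it renders everything IE6 did."""
    return any(s in ua for s in KNOWN_IE_VERSION_STRINGS)


_MSIE = re.compile(r"MSIE (\d+)\.(\d+)")


def ie_version(ua):
    """Return (major, minor) for an IE user agent, or None for anything else."""
    m = _MSIE.search(ua)
    return (int(m.group(1)), int(m.group(2))) if m else None


def supported_by_version(ua, minimum=(6, 0)):
    """Version-aware check: compares numerically, so IE7 and later releases
    pass the day they ship. (Feature detection is better still, since it
    also survives a spoofed string such as the one the utility sends.)"""
    version = ie_version(ua)
    return version is not None and version >= minimum
```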

*This post originally appeared on Confessions of a Web Developer, my blog at the My Opera community.

There’s a lot of misinformation out there about various web browsers. Opera can/can’t do this. Firefox can/can’t do that. There’s only so much you can do to promote one product when you only know rumors or outdated facts about another.

Opera users: If someone told you that Firefox was better than Opera because it doesn’t have ads, you wouldn’t take them seriously. You’d know the ads have been gone since last year, and you’d wonder what else they have wrong.

Firefox users: If someone told you Opera was better than Firefox because Firefox won’t let you reorder tabs, you wouldn’t take them seriously. You’d know that Firefox 1.5 did just that, and you’d wonder what else they have wrong.

And neither of you will convince an IE fan that Opera is better because of tabs and a built-in search box because they’ll tell you that IE7 has both.

When you’re trying to convince someone that X is better than Y, and they know Y very well, you’d better know Y well enough not to make statements that the other person knows are false. When you do, you’ll lose credibility, and the rest of your argument — the part you do know well — will suffer for it. (I suspect a lot of software flame wars get started this way!)

So here’s my suggestion: If you want to promote Opera, go and download Firefox 1.5. If you want to promote Firefox, go and download the Opera 9 beta. Either way, try out the IE7 beta (if your Windows version will run it) or fire up Safari (if you’re on a Mac). Mess around with them enough that you’re familiar with how they work, what you can do with them, and how they handle your favorite web pages. That way the next time you face an IE fan (to the extent that IE has fans), or a Firefox fan, or an Opera fan, or a Safari fan, you’ll be armed with accurate information.

As for the post title — I don’t think it’s necessary for the major browsers to be enemies. I think there’s plenty of room for cordial competition rather than a cutthroat struggle. But “Know Your Enemy” is a better attention-getter than “Familiarize yourself with the competition.” 😉

*This post originally appeared in two slightly different forms on my blog Confessions of a Web Developer at the My Opera community and on my Spread Firefox blog.

I had a really strange experience with Internet Explorer earlier this week. I had a reason to check Windows Update (checking for driver updates), but no matter what I did, Microsoft Update opened itself in Firefox! Even if I typed the URL into IE, or chose it from the Tools menu. It became clear that the same was true of typing in any other URL, or trying to open a link in a new window.

As far as I can tell, IE had decided that it wasn’t capable of handling new HTTP connections and was sending the URL to the default browser.

The WaSP is reporting that Microsoft will end support and cease distributing Internet Explorer for the Macintosh at the end of January. It’s been about eight months since the latest version of Mac OS X shipped without IE, and almost three years since Apple launched Safari.

While there is an “end of an era” feeling to this, it’s kind of like losing the last veteran of World War I. It’s of more historical significance than anything else. When Microsoft released IE5/Mac, it was hailed as the most standards-compliant web browser available. But Microsoft abandoned it years ago.

Fortunately, not only is Safari a worthy successor, but there are other options as well. What’s great about the web browser field these days is that the major players are constantly improving their offerings and working toward greater compatibility. And soon any website that wants to cater to Mac users will no longer be able to fall back on “Just use IE!” They’ll have to test in Safari, and of course the easiest way to build a website that works in IE/Win, Safari, and Firefox (the two defaults and the major alternative) is to start with standards-based code in the first place—which improves compatibility with even more browsers. Users get more choices, and websites get more users. Everyone wins.

A tale of the Browser Wars on the high seas.

Harken, lads, and listen to my tale. It is the tale of the FyreFawkes, a vessel that turned the tide in the never-ending battle for the high seas.

In this day, shipping lanes criss-cross the ocean like a Web, and in years past, that web was commanded by the Fleet of the Navigators. Wherever ye wanted to go, a Navigator ship was there to take you. But the wealthy My Crows’ Loft Company controlled the ports, and knew that if they did not take command of the high seas, someone might use the Navigator Fleet to build their own harbors, outside My Crows’ Loft’s sphere of influence.

So My Crows’ Loft built their own fleet, a fleet of Explorer craft, and after a great trade war, their fleet dominated the ocean. The Navigators’ fleet shrank, nearly forgotten.

But My Crows’ Loft grew complacent in their victory, and the Explorer fleet aged. Worse, the vessels had weak spots and leaks that pirates and brigands of all sorts knew how to attack. What was once a pleasant voyage across the sea became a journey fraught with danger, with spies, phishermen, and great wyrms lying in wait for the unsuspecting voyager.
