[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab
From: bkfsec <bkfsec@xxxxxxxxxxxxxxxx>
Date: Tue, 28 Mar 2006 11:49:04 -0500

Valdis.Kletnieks@xxxxxx wrote:


(I didn't even *mention* the cost of beating the snot out of the web developers
who coded IE-specific extensions into a corporate webpage, did I?   It's
usually not the actual install cost that gets you, it's the ripple effect that
providing the support generates...)

You're ultimately right about the cost, but the problem is that... well,what you've got there is bad practice that *must* be corrected anyway.

You'd better believe that when I find web developers beingbrowser-reliant I raise a fuss. It doesn't always generate results butit does get the message across.


         -bkfsec


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab
  - From: s89df987 s9f87s987f
- Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Industry calls on Microsoft to scrap PatchTuesday for Critical flaws
Next by Date: [Full-disclosure] S/Mime Exchange 2003 how secure how to secure it?
Previous by thread: Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab
Next by thread: Re: [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerab
Index(es):
- Date
- Thread