A Tale Of Two Browsers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
Commentary
7/11/2007
03:35 PM
50%
50%

A Tale Of Two Browsers

Internet Explorer and Firefox are sitting on a bench, enjoying the warm summer sun. Suddenly, Firefox sneezes, reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I think I'm coming down with something," it says. "Is there something I can do to get rid of this problem?" Then IE sneezes. What does it do?

Internet Explorer and Firefox are sitting on a bench, enjoying the warm summer sun. Suddenly, Firefox sneezes, reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I think I'm coming down with something," it says. "Is there something I can do to get rid of this problem?" Then IE sneezes. What does it do?It reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I just want to tell you," it says, "that wasn't my sneeze, my handkerchief is perfectly clean, and if I sneeze again I'm telling everyone it's Firefox's fault."

Sorry for the bad joke, but this is what immediately popped into my head when I read Sharon Gaudin's recent news item about a new security flaw that seems to be affecting both browsers. Apparently, a researcher named Thor Larholm has asserted in his blog that, "There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols." In other words, if you're using IE and visit a Web page that calls on a Firefox URL -- with, presumably, malicious code attached -- Firefox will be launched and will execute that code. The result? Two sick browsers.

Of course, this all depends on several factors, including the tendency of the user to go to malicious Web sites and whether your version of Firefox has the specific FirefoxURL handler. However, what I became most interested in was actually the reaction of the two browser vendors to the news: A Mozilla representative said they will be patching the problem in an upcoming release, while a Microsoft representative wrote that "this is not a vulnerability in a Microsoft product."

Strictly speaking, the Microsoft rep is right. The ultimate vulnerability is in Firefox. But this vulnerability only exists in the presence of both browsers. And would those of us who have both IE and Firefox on their systems (which includes everyone who installed Firefox but decided not to uninstall IE -- in other words, a lot of people) really care which browser is the one being ultimately targeted when our systems slow down to a crawl? And is a general policy of defensiveness really appropriate when you're dealing with a potential problem that will affect your user base?

Over the years, Microsoft acquired a reputation -- not unearned -- of acting as though it was the only viable source of software around; if its products had any interactions with other software products that didn't work, well, it was the user's fault for straying from the path. Over the last year or so, my impression was that Redmond had mellowed a bit, understood that our current technology is based on a culture of complex collaborations with other products, and had learned to Play Well With Others. I hope I wasn't being optimistic.

[UPDATE: Several people have pointed out that most people can't decide to uninstall IE, whether or not they want to -- there isn't a way to do that without some severe hacking. And they're quite right -- my error.]

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
News
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
Commentary
Study: Cloud Migration Gaining Momentum
John Edwards, Technology Journalist & Author,  6/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll