Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Internet Explorer
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Security vulnerabilities=== {{See also|Comparison of web browsers#Security and vulnerabilities}} Internet Explorer has been subjected to many security vulnerabilities and concerns such that the volume of criticism for IE is unusually high. Much of the [[spyware]], [[adware]], and [[computer virus]]es across the Internet are made possible by exploitable bugs and flaws in the security architecture of Internet Explorer, sometimes requiring nothing more than viewing of a malicious web page to install themselves. This is known as a "[[drive-by download|drive-by install]]". There are also attempts to trick the user into installing malicious software by misrepresenting the software's true purpose in the description section of an ActiveX security alert. A number of security flaws affecting IE originated not in the browser itself, but in ActiveX-based add-ons used by it. Because the add-ons have the same privilege as IE, the flaws can be as critical as browser flaws. This has led to the ActiveX-based architecture being criticized for being fault-prone. By 2005, some experts maintained that the dangers of ActiveX had been overstated and there were safeguards in place.<ref>{{cite web |url=http://www.eweek.com/c/a/Security/The-Lame-Blame-of-ActiveX/ |title=The Lame Blame of ActiveX |date=April 14, 2005 |access-date=April 7, 2006 |work = Security—Opinions |publisher=eWeek |last=Seltzer |first=Larry }}</ref> In 2006, new techniques using [[automated testing]] found more than a hundred vulnerabilities in standard Microsoft ActiveX components.<ref>{{cite web |url=http://www.securityfocus.com/news/11403 |title=ActiveX security faces storm before calm |date=July 31, 2006 |access-date=July 11, 2009 |publisher=Security Focus |last=Lemos |first=Robert |archive-date=July 25, 2008 |archive-url=https://web.archive.org/web/20080725094146/http://www.securityfocus.com/news/11403 |url-status=dead }}</ref> Security features introduced in Internet Explorer 7 mitigated some of these vulnerabilities. In 2008, Internet Explorer had a number of published security vulnerabilities. According to research done by security research firm [[Secunia]], Microsoft did not respond as quickly as its competitors in fixing security holes and making patches available.<ref>{{cite web |url=http://secunia.com/gfx/Secunia2008Report.pdf |title=Secunia 2008 Report |publisher=Secunia }}</ref> The firm also reported 366 vulnerabilities in ActiveX controls, an increase from the previous year. According to an October 2010 report in ''[[The Register]]'', researcher Chris Evans had detected a known security vulnerability which, then dating back to 2008, had not been fixed for at least six hundred days.<ref>{{cite web |url=https://www.theregister.co.uk/2010/11/01/internet_explorer_600_day_bug/ |title=Internet Explorer info leak festers for 2 years |website = The Register |date = November 1, 2010 |access-date=November 2, 2010 |first = Dan |last = Goodin |location = San Francisco }}</ref> Microsoft says that it had known about this vulnerability, but it was of exceptionally low severity as the victim web site must be configured in a peculiar way for this attack to be feasible at all.<ref>{{cite web |url = https://www.zdnet.com/blog/security/two-year-old-data-leakage-flaw-still-haunts-internet-explorer/7604 |archive-url = https://web.archive.org/web/20101104042202/http://www.zdnet.com/blog/security/two-year-old-data-leakage-flaw-still-haunts-internet-explorer/7604 |url-status = dead |archive-date = November 4, 2010 |title = Two-year-old data leakage flaw still haunts Internet Explorer |work = [[ZDNet]] |publisher = [[CBS Interactive]] |date = November 1, 2010 |access-date = November 2, 2010 |first = Ryan |last = Naraine }}</ref> In December 2010, researchers were able to bypass the "Protected Mode" feature in Internet Explorer.<ref>{{cite web|url=https://www.theregister.co.uk/2010/12/03/protected_mode_bypass/ |title=Researchers bypass Internet Explorer Protected Mode |website=[[The Register]] |date = December 3, 2010 |access-date=December 4, 2010 }} </ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)