Linked by HAL2001 on Mon 31st Jan 2011 22:39 UTC
Windows A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to conduct cross-site scripting (XSS) attacks. The vulnerability is caused due to an error in the way the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler interprets MIME-formatted requests for content blocks within a document.
Thread beginning with comment 460410
To read all comments associated with this story, please click here.
Is this limited to IE?
by ingraham on Mon 31st Jan 2011 23:25 UTC
ingraham
Member since:
2006-05-20

Is this threat limited to IE? Or are other browsers on Windows affected as well? I can't tell from the description.

Reply Score: 1

RE: Is this limited to IE?
by ingraham on Mon 31st Jan 2011 23:39 in reply to "Is this limited to IE?"
ingraham Member since:
2006-05-20

Just to answer my own question, yes, this appears to be limited to IE. InfoWorld has a story on it: http://www.infoworld.com/t/malware/what-microsoft-didnt-say-about-t...

BTW, has anybody even HEARD of MHTML? I kinda like the idea; I wouldn't mind sending somebody an MHTML doc instead of a PDF, for example. But none of the other browsers support MHTML (which is why they're safe), and I've never encountered an MHTML file in the real world.

Reply Parent Score: 1

RE[2]: Is this limited to IE?
by vodoomoth on Wed 2nd Feb 2011 13:33 in reply to "RE: Is this limited to IE?"
vodoomoth Member since:
2010-03-30

I've read an article on this vulnerability and it said Opera also handles that format.

Edited 2011-02-02 13:34 UTC

Reply Parent Score: 2