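Originally posted by skipjack on 2006-4-24 09:13
Heh... speaking of HTTP protocol authentication, let me also bring up a comparison between IE and Mozilla.
Judging purely by protocol implementation, is IE really worse than Mozilla?
After I hijack a TCP session, getting Mozilla to redirect is much, much easier than getting IE to redirect.
If you're interested, we can discuss it.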
Most IE vulnerabilities come from COM/ActiveX. A COM object can be initialized even if it is not marked as safe for scripting; this has been proved to be very dangerous. Lots of memory corruption vulnerabilities have been found in the recent two years, and some of these vulnerabilities can be easily exploited for code execution. For example:
MS06-013 (CVE-2006-1186)
Mozilla family browsers also have their own flaws, but AFAIK, they are relatively safer than IE. BTW, Mozilla has a much better security policy than Microsoft: any vulnerability found will be quickly patched, and security issues are discussed through the Bugzilla portal. This is much better than Microsoft, which takes months to fix a simple vuln.
IE and Mozilla Firefox are both HTTP client applications, and HTTP is an application-level protocol. Anything that happens at the TCP level, like TCP session hijacking, should not be taken as a problem of the application, am I right? Or am I missing your point here? I'm all ears and I'm eager to learn.
B.T.W., I'm at work, not able to input Chinese characters.