Mozilla Downloads Rise Following US-CERT Recommendation to Drop IE

Friday July 2nd, 2004

Wired News is reporting that Mozilla downloads have surged following advice from the US Computer Emergency Readiness Team (US-CERT) to avoid Internet Explorer for security reasons. Download numbers approximately doubled in the days following the US-CERT recommendation, which was made in the form of an update to an earlier vulnerability note and comments to the press. US-CERT is a partnership between the United States Department of Homeland Security — the government organisation set up in the wake of September 11th to prevent terrorist attacks — and the public and private sectors.

US-CERT's advice follows last week's outbreak of the Download.Ject virus, which exploited a number of holes in Microsoft's IIS Web server and Internet Explorer to install a password-stealing trojan horse on Web surfers' computers. Microsoft patched some of the flaws before the outbreak occurred and today released another update that protects against the vulnerability by way of a configuration change (though the underlying problem has not been fixed). Windows users should hotstep it to Windows Update (must be visited using IE) to install the patch, regardless of whether they use Internet Explorer as their default browser.

#52 Re: Re: You mean there is no way to turn off IE???

by Rytsarsky

Tuesday July 6th, 2004 5:30 AM

You are replying to this message

The Cert Recomendation mentions the the risk is present whenever the mshtml module is used. Many applications for windows utilize the rendering image to embed web content. The ones that pop into my mind are things like winamp, weatherbug (evil anyway), lots of p2p clients. So you don't have to be using the IE browser itself to be vulnerable.