You have slightly the wrong end of the stick - the vulnerability in IE is not the "shell:" vulnerability of which you speak. The problem is that when Mozilla or Firefox encounter a URL scheme they don't recognise, they hand it off to the operating system, and in Windows the "shell:" scheme gives you an easy break.
The big difference between Mozilla/Firefox and IE here is that there are already patches and fixed releases for this bug available (which I'll announce here in a later post), while IE wasn't fixed for yonks after the vulnerability was announced, and by some reports still isn't.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
no subject
Date: 2004-07-11 03:34 am (UTC)The big difference between Mozilla/Firefox and IE here is that there are already patches and fixed releases for this bug available (which I'll announce here in a later post), while IE wasn't fixed for yonks after the vulnerability was announced, and by some reports still isn't.
By the way, who are you?