Recently there was Post Setup at the Microsoft Forum @ DP. Regarding this Security Flaw. For those who Criticized upon the Post here is a Quick News. That IE is not dead! & is back on Track Microsoft is due to issue a patch to fix a security flaw believed to have affected as many as 10,000 websites. The emergency patch should be available from 1800 GMT on 17 December, Microsoft has said. The flaw in Microsoft's Internet Explorer browser could allow criminals to take control of people's computers and steal passwords. Internet Explorer is used by the vast majority of computer users and the flaw could affect all versions of it. So far the vulnerability has affected only machines running Internet Explorer 7. "Microsoft teams worldwide have been working around the clock to develop a security update to help protect our customers," the software firm said in a statement. "Until the update is available, Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at www.microsoft.com/protect, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available," the statement read. Potential danger According to Rick Ferguson, a senior security adviser at security firm Trend Micro, the flaw has so far been used to steal gaming passwords but more sensitive data could be at risk until the security update is installed. "It is inevitable that it will be adapted by criminals. It's just a question of modifying the payload the trojan installs," he said. It is relatively unusual for Microsoft to issue what it calls an "out-of-band" security bulletin and experts are reading the decision to rush out a patch as evidence of the potential danger of the flaw. Some experts have suggested that users switch browsers until the flaw is fixed. Firefox, Opera, Chrome and Apple's Safari system are not vulnerable to this current flaw. But Graham Cluley, senior consultant with security firm Sophos, said no browser is exempt from problems. "Firefox has issued patches and Apple has too. Whichever browser you are using you have to keep it up to date," he said. "People have to be prepared and willing to install security updates. That nagging screen asking if you want to update should not be ignored," he said. http://news.bbc.co.uk/2/hi/technology/7787445.stm
I think the Main problem is not the browser itself as it for a long time doesn't suffer from direct attacks like buffer overflow in the browser code directly. The problem is on the "always day after day" adding features / goodies or tools to get something different. If you wanna be more safe as well, run your web browser into linux or unix based OS and adopt a browser who is not use by a large amount of users. By using linux (who is not "risk-free")this will decrease your chances to be caught. In fact 80% browser based attacks is based on a payload for windows based Operating System ( who is the most used). And by using a unknow browser you have more chance that the others attacks ( unix based payloads ) Will not affect you till the browser code is not checked by many hackers for such vulnerability. But Stay in mind: You are never 100% secure. be careful.
The article (and Microsoft) said: and security experts have said now (and always have) But this guy says: But Microsoft says it's only IE. Who is wrong?
Making it Pure "Cracker of the Year" Why? It's when the Firefox 1.5 - 2.x.x didn't had security flaws? Cookie stealing was too often on Firefox and Opera. IE was being used for security Reasons. Defending IE. IE is a classy thing. You can't beat em up.