Sunday, October 14, 2012

TechSNAP Viewer Discovers Critical Internet Explorer Flaw

You all remember TechSNAP, right? It's that very geeky show that is found at Jupiter Broadcasting. I wrote about them before, even posting a video of one of their shows that was probably helpful to all of you.

This time around, a TechSNAP viewer submitted a flaw found in IE: IE9 and IE8 in compatibility mode could mistakenly execute JavaScript code that was only supposed to be displayed. Basically, the browser would render plain text as HTML, so JavaScript written in HTML form inside that text could run.
This means that a raw view of some pastebin JavaScript code ends up being executed instead of displayed, and this is an obvious security risk. If you want a proof of concept, visit this page. It is OK to load that page, as it simply shows a JavaScript alert telling you that IE is a dangerous browser and that you should download an alternative one. In this case, Firefox was listed at the time of this post. You can also read more about this specific IE flaw by going here.
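As an added example (not from the original post or from TechSNAP), here is one way a site that serves raw user text could audit its responses for this class of problem. It assumes the behaviour is the browser's content-type sniffing and relies on the `X-Content-Type-Options: nosniff` header that IE8 and later honour; the function names, the tag list and the sample paste are constructed for illustration.

```javascript
// Markup a sniffing browser is assumed to react to in a text/plain body
// (constructed list for this example, not IE's actual sniffing table).
const HTML_HINTS = /<\s*(html|head|body|script|iframe|img|svg|a)\b/i;

// Header names are case-insensitive, so normalise them before lookup.
function lowerCaseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Audit one "raw view" response. Returns a list of findings; empty means none.
function auditRawResponse(headers, body) {
  const h = lowerCaseHeaders(headers);
  const type = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  const nosniff =
    (h['x-content-type-options'] || '').trim().toLowerCase() === 'nosniff';
  const findings = [];
  if (type === '') findings.push('missing Content-Type: the browser has to guess');
  if (type === 'text/html') findings.push('untrusted text served as text/html');
  if (!nosniff) findings.push('no X-Content-Type-Options: nosniff');
  if (!nosniff && type !== 'text/html' && HTML_HINTS.test(body)) {
    findings.push('body has HTML-like markup a sniffing browser may render');
  }
  return findings;
}

// Headers for serving untrusted text so that it is displayed, not interpreted.
// Existing headers are kept; the two security-relevant ones are overridden.
function hardenedRawHeaders(existing = {}) {
  return {
    ...lowerCaseHeaders(existing),
    'content-type': 'text/plain; charset=utf-8',
    'x-content-type-options': 'nosniff',
  };
}

// Constructed sample: a paste whose text happens to be a script element.
const samplePaste = '<script>alert("should be shown, not run")</script>';
const weakHeaders = { 'Content-Type': 'text/plain' };

console.log('weak:', auditRawResponse(weakHeaders, samplePaste));
console.log('hardened:', auditRawResponse(hardenedRawHeaders(weakHeaders), samplePaste));
```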

Below is an embed of the TechSNAP episode. The IE segment starts at approximately 33:50. I also encourage you to visit the show notes for this episode, as it also covers a Facebook flaw and security risks with certain cell manufacturers.
Let me know your thoughts on this in the comments below.