Mozilla is testing an update to Firefox that will fix the vulnerabilities found this weekend. That’s roughly two days since they were announced. I figure the final release will be later this week.

Now check out security firm Secunia’s pages on Known Firefox 1.x vulnerabilities and known IE 6.x vulnerabilities. Compare the number, severity and age of still-unpatched vulnerabilities. There are 2-year-old vulnerabilities in IE that have never been fixed!

This may help explain the “double standard” Photomatt and others see in the way many people react to security flaws found in the two browsers. If nothing else, Mozilla is perceived as having a faster reaction time and, overall, a better track record. So it’s a matter of “Eh, they’ll fix it in a few days,” vs. “My God, man, not another one!”

Some potentially nasty browser security vulnerabilities were found this weekend in Mozilla and in Safari. Both involve software update mechanisms. The Firefox one tricks the browser into thinking it’s installing from a trusted update site (the maintainers of updates.mozilla.org and addons.mozilla.org—the only trusted sites by default—have made some changes on their server to prevent the exploit from working). The Safari one takes advantage of the Macintosh tradition of automatically opening archives. This one just happens to unzip itself into the location where Dashboard stores its widgets.

IEBlog has weighed in with a balanced (i.e. non-fanboyish) comment on just who “us” vs. “them” should mean: responsible developers & security researchers vs. the malicious ones. It won’t happen—people are too hunkered down in their own trenches—and even with Mozilla, Opera and Apple collaborating on specs, I don’t expect to see much in the way of collaboration on security except in the actual open-source world. (Even then, I suspect there’s too much rivalry between Gecko and KHTML developers to do much collaboration.)

It’s been anticipated since Apple first announced Safari, but it’s still a minor shock to see it actually happen. Daring Fireball reports that Internet Explorer is no longer included with Mac OS X Tiger.

You can still download it from Microsoft, but given that they dissolved the development team a few years ago, there’s not much point except for site testing.

(The one I can’t figure out is why they’ve apparently left out StuffIt Expander as well.)

Sometimes you want to know exactly what software people (or bots) are using to view your website. Sometimes all you want to know is which rendering engine’s quirks you need to cater to. To that end, I have here the ultra-simple browser detection algorithm. Just check the User-Agent string for each of the following words, in order:

  1. Opera — they spoof IE by default, so check here first. If they ever change this to something else, you’ll be glad you started here.
  2. KHTML — this will catch Safari, Omniweb and Konqueror. They mention Gecko, so if you need to treat them differently, check for KHTML first.
  3. Gecko — this will catch Mozilla, Firefox, Camino, Netscape 6+, etc.
  4. MSIE — this should catch Internet Explorer and anything else that uses its engine.
  5. bot, spider, crawler, or compatible — filter out robots and anything unknown.
  6. Mozilla — just about everyone uses Mozilla in their UA string these days, but the rules above should filter most of them out and leave only old-school Netscape.

Of course, Mozilla, Opera and Safari have put much more effort than IE into following the standards, so most of the time you can write your code using the spec and just build in work-arounds. The way I look at it, there are three main categories:

  1. Standards-compliant(ish) browsers: Gecko, Opera, KHTML
  2. MSIE
  3. Everything else

I write for group 1, work-around for group 2 (and sometimes other browsers in group 1), and figure that group 3 (with the exception of Netscape 4, which has a tendency to do things like make links unclickable or hide entire chunks of the page if it doesn’t like your CSS) should at least be able to figure out how the text and graphics break down. It may not look perfect in randombrowser, but it should at least be comprehensible.
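Here is the ordered check from the list above and the three-group split that follows it, written out as an added example (not code from the original post). It is a pure function of the User-Agent string, so it runs the same way server-side or against `navigator.userAgent` in a page. The sample UA strings, the `Robot` and `Unknown` labels and the function names are constructed for the example; the UA tokens themselves (Opera, KHTML, Gecko, MSIE, bot/spider/crawler/compatible, Mozilla) are the ones the post names.

```javascript
// Added example: the ordered User-Agent check from the post, as a pure
// function. Sample UA strings below are constructed for illustration,
// not captured from real traffic.

// Checks are tried in this order; the first match wins. Order matters
// because later tokens appear inside earlier browsers' strings:
// Opera imitates MSIE, KHTML browsers mention Gecko, and MSIE strings
// contain "compatible".
const ENGINE_CHECKS = [
  { engine: "Opera",   test: (ua) => ua.includes("Opera") },
  { engine: "KHTML",   test: (ua) => ua.includes("KHTML") },
  { engine: "Gecko",   test: (ua) => ua.includes("Gecko") },
  { engine: "MSIE",    test: (ua) => ua.includes("MSIE") },
  // Robots and anything that only claims compatibility with a browser.
  { engine: "Robot",   test: (ua) => /bot|spider|crawler|compatible/i.test(ua) },
  // Whatever still says "Mozilla" at this point is old-school Netscape.
  { engine: "Mozilla", test: (ua) => ua.includes("Mozilla") },
];

function detectEngine(ua) {
  for (const { engine, test } of ENGINE_CHECKS) {
    if (test(ua)) return engine;
  }
  return "Unknown";
}

// The three handling groups from the post: write for group 1, work around
// group 2, and let group 3 degrade to readable text and images.
function handlingGroup(engine) {
  switch (engine) {
    case "Opera":
    case "KHTML":
    case "Gecko":
      return 1;
    case "MSIE":
      return 2;
    default:
      return 3;
  }
}

// Constructed sample strings, one per branch. The Opera, Safari and IE
// ones each contain a token of a later rule, which is what the ordering
// is for.
const SAMPLE_UAS = {
  opera:     "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54",
  safari:    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125 (KHTML, like Gecko) Safari/125",
  firefox:   "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20050101 Firefox/1.0",
  ie6:       "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
  robot:     "Mozilla/5.0 (compatible; ExampleBot/1.0; +http://bot.example/)",
  netscape4: "Mozilla/4.7 [en] (WinNT; I)",
  unknown:   "curl/7.0",
};

// Classify every sample, returning { name: { engine, group } }.
function classifyAll(samples = SAMPLE_UAS) {
  const result = {};
  for (const [name, ua] of Object.entries(samples)) {
    const engine = detectEngine(ua);
    result[name] = { engine, group: handlingGroup(engine) };
  }
  return result;
}

console.table(classifyAll());
```

Because the User-Agent header is set by the client, the result is only a hint for choosing CSS and script work-arounds; it is not a safe basis for access decisions or for deciding which content a visitor may see.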

Web designers have clamored for it for years, since they saw what you could do with PNG images’ multi-level transparency (now available in every major browser except Internet Explorer, and several minor ones). It’s been speculated on for months, and rumored for several weeks.

And now, the wait is over. Microsoft has confirmed a few details about IE7 beta 1:

Support the alpha channel in PNG images. We’ve actually had this on our radar for a long time, and have had it supported in the code for a while now. We have certainly heard the clear feedback from the web design community that per-pixel alpha is a really important feature.

Woo hoo!