drquoz writes "Last week, it was reported that a critical security flaw was found in Internet Explorer. On Tuesday, experts were advising users not to use IE until a patch could be released. On Wednesday, Microsoft released the patch. An interesting quote from the article: 'Kandek suggests that Microsoft is at a disadvantage in updating Internet Explorer because its browser doesn't have a built-in update mechanism like other browser makers. Mozilla, for instance, just released Firefox 3.05 to Firefox users through its auto-update system.'"

bogaboga writes "TG Daily reports that Microsoft quietly released the first update to its IE8 beta 2 to its closest partners last week. This new version only scores a dismal 12/100 on the Acid 3 test, though the score improves significantly if one leaves the [browser] window open for at least a minute. It is marked as 'Release Candidate 1.'"

It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6,000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).

Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.

An anonymous reader writes "Microsoft's Live Labs have introduced a new service that lets users collect snippets of information from Web sites and share the collections with others. It's similar in concept to Mozilla's Joey, a defunct project that let people copy and paste portions of Web pages onto a single page that they could access from their mobile phones or another computer. Thumbtack is also like other available services, including Google Notebook. But Thumbtack developers think their service has a difference. 'Thumbtack stands apart in its ability to introspect on incoming data in order to automatically classify it and extract structure from it using machine learning,' according to the FAQ about the service."

Harry writes "I can't remember another time when there were so many Web browsers in prerelease form — 2009 should be a really, really good year for final browser versions. I have posted a quick recap of the state of the upcoming versions of Chrome, Firefox, Internet Explorer, and Safari." It is nice to see a healthy market of competition driving innovation in a market that has been largely stagnant in recent history. What do other folks see on the scorecard?

jcasman passes along a heads-up on Lunascape, a Japanese browser company that is releasing its first English version of its Lunascape 5 triple-engine browser. It's for XP and Vista only. There are reviews up at CNET, OStatic (quoted below), and Lifehacker. Both the reviews and comments point out that, in its current alpha state, the browser is buggy and not very fast; but it might be one to watch. "How many web browsers do you run? If you're like me, you regularly use Firefox, Internet Explorer, Chrome and Safari. Each of those browsers, of course, has its own underlying rendering engine: Gecko (in Firefox), Trident (in Internet Explorer), and Webkit (in Chrome and Safari). Today, a Japanese startup called Lunascape has released an alpha version of its Lunascape browser ... that allows you to switch between all three of these prominent rendering engines. The company says that the Japanese version of Lunascape has been downloaded 10 million times and touts it as the fastest browser available."

Barence writes "Microsoft has confirmed that Internet Explorer 8 will not be officially released until 2009. According to a blog posting on the Internet Explorer 8 development site, a release candidate of the browser will be released in the first quarter of next year, to be followed by a final release at an unspecified date. This news comes on the same day that Google is considering bundling its Chrome browser with new PCs. Will the IE delay and Google's tactics help to steer users in Chrome's direction?"

darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.' This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"

Da Massive writes "'Why is IE still relevant and why is it worth spending money on rendering engines when there are open source ones available that can respond to changes in Web standards faster?,' asked a young developer to Microsoft CEO Steve Ballmer in Sydney yesterday. 'That's cheeky, but a good question, but cheeky,' Ballmer said. Then came the startling revelation that Microsoft may also adopt an open source browser engine. 'Open source is interesting,' he said. 'Apple has embraced Webkit and we may look at that, but we will continue to build extensions for IE 8.'"

An anonymous reader writes "As discussed previously on Slashdot, concern has been raised over a class of 'clickjacking' vulnerabilities which affect all major Web browsers. These exploits allow an attacker to place invisible or seemingly legit objects on a Web page that perform undesired actions when a user clicks on them. In recent developments, 'Guya' posted a scary proof-of-concept that hijacks Adobe Flash Player to spy on users with a webcam and/or microphone. In response, Adobe released an advisory with a temporary workaround, and stated that a future Player update will address the exploit. This prompted the original disclosers of the vulnerabilities to post a summary of the exploits. Additionally, Giorgio Maone, creator of the popular NoScript extension for Firefox and other Gecko-based browsers, released version 1.8.2.1 of NoScript, which adds 'ClearClick,' a feature that intercepts clicks made on invisible or otherwise obscured elements on a page. Although issues remain, there seems to be progress in addressing these security problems."

Shipment Date writes "ZDNet's Zero Day blog has some new information on what looks like a scary new browser exploit/threat affecting all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash. The threat, called Clickjacking, was to be discussed at the OWASP conference but was nixed at the last minute at hte request of affected vendors. From the article: 'In a nutshell, it's when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you.'"

CWmike writes "Microsoft has defended the IE8 tool that suggests sites based on URLs typed into its address bar, saying that the browser 'phones home' only a limited amount of information to Microsoft and that the company discards all user IP addresses almost immediately. Company managers also contrasted IE8 Beta 2's 'Suggested Sites' feature with the 'Suggest' feature used by Google Chrome, saying that Microsoft's requires the user's explicit permission before it's used. They did acknowledge a bug that prevents the request from reappearing when users reinstall the browser. Cyra Richardson, a Microsoft principal program manager on the IE team, said: 'Suggested Sites is connected to the browser's history, and it's not looking at each of the keystrokes. IE only captures the URL as it is navigated [to], when that URL goes into your history.' Nor does Suggested Sites log and transmit cookies to Microsoft's servers, as does Google Suggest, Richardson said. 'The data we log is actually pretty innocuous.'"

snydeq writes "Google Chrome and Internet Explorer 8 herald a new, resource-intensive era in Web browsing, one sure to shift our conception of acceptable minimum system requirements, InfoWorld's Randall Kennedy concludes in his head-to-head comparison of the recently announced multi-process, tabbed browsers. Whereas single-process browsers such as Firefox aim for lean, efficient browsing experiences, Chrome and IE 8 are all about delivering a robust platform for reliably running multiple Web apps in a tabbed format in answer to the Web's evolving needs. To do this, Chrome takes a 'purist' approach, launching multiple, discrete processes to isolate and protect each tab's contents. IE 8, on the other hand, goes hybrid, creating multiple instances of the iexplore.exe process without specifically assigning each tab to its own instance. 'Google's purist approach will ultimately prove more robust,' Kennedy argues, 'but at a cost in terms of resource consumption.' At what cost? Kennedy's comparison found Chrome 'out-bloated' IE 8, consuming an average of 267MB vs. IE 8's 211MB. This, and recent indications that IE 8 itself consumes more resources than XP, surely announce a new, very demanding era in Web-centric computing."

snydeq writes "Consuming twice as much RAM as Firefox and saturating the CPU with nearly six times as many execution threads, Microsoft's latest beta release of Internet Explorer 8 is in fact more demanding on your PC than Windows XP itself, research firm Devil Mountain Software found in performance tests. According to the firm, which operates a community-based testing network, IE8 Beta 2 consumed 380MB of RAM and spawned 171 concurrent threads during a multi-tab browsing test of popular Web destinations. InfoWorld's Randall Kennedy speculates that Microsoft may be designing IE8 for the multicore future. But until your machine sports four or eight discrete processing cores, IE8 will remain 'porcine,' Devil Mountain's Craig Barth says."

An anonymous reader points out a story in The Register by Opera Software CTO Hakon Lie which tells the story of how Microsoft's interoperability promise for IE8 seems to have been broken in less than six months. Quoting: "In March, Microsoft announced that their upcoming Internet Explorer 8 would: use its most standards compliant mode, IE8 Standards, as the default. Note the last word: default. Microsoft argued that, in light of their newly published interoperability principles, it was the right thing to do. This declaration heralded an about-face and was widely praised by the web standards community; people were stunned and delighted by Microsoft's promise. This week, the promise was broken."

Tim writes "English, German, Simplified Chinese, and Japanese versions of Internet Explorer 8 have been released for public beta. New features include accelerators, which provide instant context menu access for a number of common tasks; automatic crash recovery, which prevents a single page's failures from taking down your entire browser; and browser privacy, a feature that didn't make Firefox 3. I'm primarily a Firefox user, and I've been using IE8 at work (MS) for the past few weeks. It's a definite improvement over previous versions, and brings a lot to the table that Firefox requires extensions for. Give it a spin, submit feedback, and help keep all browser makers on their toes by facing each other's competition."

JagsLive sends in a Washington Post blog post reflecting on one privacy-enhancing feature of the upcoming Internet Explorer 8, the so-called "InPrivate Blocking" that has privacy advocates quietly cheering, and advertisers seriously worrying. Here is Microsoft's description of the feature. From the Post: "The advertising industry is bracing for trouble from the next version of Microsoft's Internet Explorer, details of which were announced today, because it will offer a feature that blocks some ads and other content from third-parties that shows up on Web pages. A Microsoft spokesman said that the feature, to be known as 'InPrivate Blocking,' was never designed to be an ad blocker, though 'there may be ads that get blocked.' Instead, it was designed to stop tracking 'pixels' or pieces of code that could allow third-party sites to track users as they move around the Web."

least_weasel writes "An article on Ars Technica reveals Mozilla's intention to create and release a plugin for Internet Explorer that would allow the often-criticized IE to utilize some of the cooler rendering code developed for Firefox. The current WIP focuses on rendering using HTML5 standards, but the plans seem to be more ambitious than just fixing this one small piece of IE. The article covers some of the plans, hurdles, and potential benefits. It also spills the beans on the code name for the project: Screaming Monkey."

Reader Alex links to news of a study comparing the currency and patch level of various Web browsers, excerpting: "Firefox users were far and away the most likely to use the latest version, with an overwhelming 83.3 percent running an updated browser on any given day. However, despite Firefox's single click integrate auto-update functionality, 16.7 percent of Firefox users still continue to access the Web with an outdated version of the browser, researchers said. The study also revealed that the majority of Safari users (65.3) percent were likely to use the latest version of the browser between December 2007 and June 2008, after Safari version 3 became available. Meanwhile, Microsoft's Internet Explorer users ranked last in terms of safe browsing. Between January 2007 and June 2008, less than half of IE users — 47.6 percent — were running the most secure browser version during the same time period."

Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls."