Time for a rant; how many sites are pointing out that many web browsers are vulnerable to the window injection vulnerability?

Edit: fix title. 

Come on guys - are people really so determined to find bad news about IE7 that they are willing to let important information about a vulnerability go unmentioned in their reports?

Despite the Secunia Windows Injection Vulnerability Test URL being http://secunia.com/multiple_browsers_window_injection_vulnerability_test/, and the test itself mentioning multiple Web browsers being affected, many news sites and blogs only mention IE7 in their reports.

Now, assuming that all of the Web sites below actually looked at the vulnerability test page, and read its content, as distinct to only reading the Secunia report specific to IE7, I have to ask why so few sites are mentioning that multiple Web browsers are vulnerable?  Are they leaving it to their readers to discover it for themselves?  Does it make for better press, or grab more hits, or cause more of a stir, if they only mention IE7?

I've completed a quick survey of news sites that have reported on the window injection vulnerability to see who, at the time of writing, mentions that many Web browsers are affected - so far, things are not looking good - yes, I know several of the sites are quite obscure, but they're the ones that have come up in News, Web and Blog searches.

Edit: The Microsoft Security Response Team responds:
http://blogs.technet.com/msrc/archive/2006/10/31/information-on-address-bar-issue.aspx

Auscert, thankfully, points out that many browsers are affected:
http://www.auscert.org.au/render.html?it=4602

eweek - nope:
http://www.eweek.com/article2/0,1895,2047195,00.asp 

(quote from a spokesperson at MS in the eweek article - "[Secunia] describes a by-design behavior in popular Web browsers that allows a Web site to open or re-use a pop-up window. In Internet Explorer 7, the Web page's actual URL is displayed in a pop-up window address bar, enabling users to accurately make a trust decision," - not only that, the bad sites have to get past the phishing filter and all the other difficulties described in my blog entry.

the register - nope:
http://www.theregister.co.uk/2006/10/30/ie_firefox_vulns/ 

bink.nu - nope:
http://bink.nu/Article8673.bink 

itnews.com.au - nope
http://www.itnews.com.au/newsstory.aspx?CIaNID=41462

itnews.com.au again - nope, but they do mention that FF2 seems to be immune
http://www.itnews.com.au/newsstory.aspx?CIaNID=41458

neowin? - YES!!!
http://www.neowin.net/forum/index.php?showtopic=507807

betanews - YES!!
http://www.betanews.com/article/Vulnerability_Affects_Firefox_and_IE_New_and_Old/1162235840

securiteam - nope:
http://blogs.securiteam.com/index.php/archives/706 

cbsca - nope:
http://www.cbc.ca/technology/story/2006/10/30/tech-ie7injection-061030.html 

bitsofnews - nope:
http://www.bitsofnews.com/index2.php?option=com_content&task=view&id=4277&pop=1&page=0&Itemid=44

blogsforfirefox - nope:
http://blogsforfirefox.blogspot.com/2006/10/thesecurity-score-ie7-3-ff2-0.html

faill.com - nope:
http://www.faill.com/story.php?id=255

tipsdr.com - nope:
http://www.tipsdr.com/?p=555

fergdawg:
http://fergdawg.blogspot.com/2006/10/old-window-injection-flaw-reappears-in.html

networksecurity.fi - nope:
http://networksecurity.typepad.com/networksecurity/2006/10/ie_7_window_inj.html

vnunet.com - nope:
http://www.vnunet.com/vnunet/news/2167585/ie-bug-opens-exposes-users

Even Harry makes no mention Sad
http://msmvps.com/blogs/harrywaldron/archive/2006/10/30/Internet-Explorer-7-Window-Injection-Vulnerability.aspx

Published Tue, Oct 31 2006 6:46 by sandi
Filed under:

Comments

# » Microsoft Responds to Latest IE7 Vulnerability Tips Dr.com

Tuesday, October 31, 2006 8:50 AM by » Microsoft Responds to Latest IE7 Vulnerability Tips Dr.com

PingBack from http://www.tipsdr.com/?p=560

# TipDr report again on the window contention injection issue brouhaha

Tuesday, October 31, 2006 4:04 PM by Spyware Sucks

Tips Dr have reported again on the window content injection "vulnerability" reported by Secunia