Time for a rant; how many sites are pointing out that many web browsers are vulnerable to the window injection vulnerability?
Edit: fix title.
Come on guys - are people really so determined to find bad news about IE7 that they are willing to let important information about a vulnerability go unmentioned in their reports?
Despite the Secunia Windows Injection Vulnerability Test URL being http://secunia.com/multiple_browsers_window_injection_vulnerability_test/, and the test itself mentioning multiple Web browsers being affected, many news sites and blogs only mention IE7 in their reports.
Now, assuming that all of the Web sites below actually looked at the vulnerability test page, and read its content, as distinct to only reading the Secunia report specific to IE7, I have to ask why so few sites are mentioning that multiple Web browsers are vulnerable? Are they leaving it to their readers to discover it for themselves? Does it make for better press, or grab more hits, or cause more of a stir, if they only mention IE7?
I've completed a quick survey of news sites that have reported on the window injection vulnerability to see who, at the time of writing, mentions that many Web browsers are affected - so far, things are not looking good - yes, I know several of the sites are quite obscure, but they're the ones that have come up in News, Web and Blog searches.
Edit: The Microsoft Security Response Team responds:
Auscert, thankfully, points out that many browsers are affected:
eweek - nope:
(quote from a spokesperson at MS in the eweek article - "[Secunia] describes a by-design behavior in popular Web browsers that allows a Web site to open or re-use a pop-up window. In Internet Explorer 7, the Web page's actual URL is displayed in a pop-up window address bar, enabling users to accurately make a trust decision," - not only that, the bad sites have to get past the phishing filter and all the other difficulties described in my blog entry.
the register - nope:
bink.nu - nope:
itnews.com.au - nope
itnews.com.au again - nope, but they do mention that FF2 seems to be immune
neowin? - YES!!!
betanews - YES!!
securiteam - nope:
cbsca - nope:
bitsofnews - nope:
blogsforfirefox - nope:
faill.com - nope:
tipsdr.com - nope:
networksecurity.fi - nope:
vnunet.com - nope:
Even Harry makes no mention