I was reminded today about this, and, for the sake of completeness, I thought I should report this. Slashdot had a post about the instabilities of browsers given badly formed HTML. Basically, most browsers tested had problems, but Internet Explorer didn't crash on the test. For the record, I think Michal Zalewski may be overstating the case regarding the quality of the "core code" as he calls it. And my bet would be on bugs getting fixed faster in the "alternative browsers" (especially Mozilla - though, as they only release milestone builds so often, it's true most people would not get the fix right away). This is not per se a security problem, either, so in terms of exploitability this doesn't say too much against the other browsers. But it does point to the fact that there probably needs to be better and more methodological testing.
[Actually, I take some of that back. Some of this may be exploitable. I need to avoid commenting about things I read a couple days ago... Not to mention on topics I am not expert in...]
[And an update in which IE does finally crash. So... They all crash on bad HTML. Kind of sad, but typical. Well, at least it's universal. You may now choose the lesser of x evils.]
[Yet another update: It occurred to me that with Windows Update, IE can get patched faster. In my experience the code doesn't get fixed as fast though, but it will probably get released sooner to the average user.]
[Yet one final update, I hope: One of the Mozilla developers had a blog entry about this. He has a good, no, great point regarding the overly-enthusiastic, under-informed opinions some of us users have occasionally been known to indulge in. (In substance, by the way, IE is "less secure" as far as we know at the moment, at least as far as I understand the situation, but that could change at any time.) He also displays some frustration, in my interpretation, regarding the security issue. Hopefully this will lead to some changes.]