IE browser XSS flaw opens door to thieves and phishers

Application vulnerabilities continue to exist because the applications are built for out-of-date browsers such as Internet Explorer 6.

According to Browsium, many enterprises will not move off of IE6 because of the cost of getting their applications to work within other browsers.

Gary Schare, CEO of Browsium, said there are millions of applications 'stuck' on the ten-year-old IE6 browser. A vulnerability in IE6 was blamed as the cause of the Aurora attack on Google, despite efforts by Microsoft to encourage users to upgrade to its modern, more secure edition of the browser.

During September, more than a thousand (1,056) of the visitors to SC Magazine's UK website were using IE6, accounting for 2.8 per cent of total visitors.

Schare said: “Companies know they should not be using this, and from a security and functionality perspective they are between a rock and a hard place and support is running out. Eventually everyone will need to move off IE6 or they will have to pay lots of money to Microsoft when it ends support.

“Having the technology to upgrade from IE6 is the biggest stumbling block. Each application can cost millions of dollars to replace or revise.”

Browsium has recently developed a technology whereby IE6 can continue to be run in a sandboxed environment to enable applications to be accessed but without the security risks.

Browsium CTO Matt Crowley said UniBrows' sandboxing of sessions means data is not written to the disc. This means that any attacks can be monitored and the application does not make any changes to the system.

Oren Taylor, director at CDG, which recently announced a partnership with Browsium, said once a user upgrades to IE8, the IE6 application is gone, which restores the capability needed to run it.

He said: “Don't think of this as sandboxing, think about it as application virtualisation. This does all layer complexity and is designed to cut out all problems and complexity.”