Tuesday, 30 December 2003
Third-party fix for IE URL spoof vulnerability
While Microsoft has yet to fix the URL spoof vulerability in its Internet Explorer browser, at least one amateur software enthusiast community has come up with a robust solution. Users of Proxomitron have found a way to use the local proxy server and web filtering client to work around IE's shortcoming. The proxomitron filters posted in this forum alter links and buttons that lead to web pages that exploit this vulnerability. Additional filters posted there will trigger an alert message box when the active web page contains links that exploit the vulnerability.
These solutions were created by users, free of charge and with no expectation for payment — for fun and for the benefit of Internet users generally. The first request for a fix was posted on 12 December, and four filters were available that same day. Over the next five days, the filters were refined and made more robust, until they handled all situations yet conceived by their developers. Note for emphasis: amateurs created a comprehensive solution in five days. All this happened while Microsoft, one of the most profitable software companies in the world, has been unable or unwilling to fix the problem for nearly a month. Anyone care to explain to me again how high-quality software cannot exist without a profit motive?