A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to conduct cross-site scripting (XSS) attacks. The vulnerability is caused by an error in the way the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler interprets MIME-formatted requests for content blocks within a document.
Is this threat limited to IE? Or are other browsers on Windows affected as well? I can’t tell from the description.
Just to answer my own question, yes, this appears to be limited to IE. InfoWorld has a story on it: http://www.infoworld.com/t/malware/what-microsoft-didnt-say-about-t…
BTW, has anybody even HEARD of MHTML? I kinda like the idea; I wouldn’t mind sending somebody an MHTML doc instead of a PDF, for example. But none of the other browsers support MHTML (which is why they’re safe), and I’ve never encountered an MHTML file in the real world.
I’ve read an article on this vulnerability and it said Opera also handles that format.
Edited 2011-02-02 13:34 UTC
I believe so. I just tried to open one with Firefox and it asked if I wanted to open it with IE. It is an MS format. You can also save the mhtml to a doc format using MS Word. It wouldn’t work with Abiword either.
This site has a few saved in the format!
http://www.ensignsupport.com/cgi-bin/ensign/bb.cgi?edtFind=
Sorry, why is that news? MS and their IE have multiple vulnerabilities, just check this out – http://secunia.com/advisories/windows_insecure_library_loading/