"JavaScript Redirector" can trick browser into exposing files.

October is the cruelest month for Microsoft and Internet Explorer 5, compliments of one Georgi Guninski, the noted hacker from Bulgaria. Exposing no fewer than three security holes over the last 30 days, Guninski has recently uncovered yet one more privacy flaw in IE 5 - the "JavaScript Redirector." This latest vulnerability employs some JavaScript sleight of hand and a little domain redirection to trick IE 5 into exposing local files. Basically, wrongdoers could create a JavaScript application capable of violating cross-domain restrictions between your browser and their Web server. "By doing redirections, what gets lost in the movement is the information on where the data is and what domain it lives in," explained Scott Culp, product manager in charge of security response at Microsoft. "Normally, when a server says that it wants to see [local] data, IE says no. But in this case, it_s possible to lose that distinction through this redirect mechanism. So when the server says I want to see the data, IE says OK." As with many Guninski-discovered security breaches, the "JavaScript Redirector" bug does not put data at risk, only privacy, as evidenced by testing done at KeyLabs. "The JavaScript redirector flaw divulges private files," said Ralph Decker, lab director for KeyLabs. "It can only read files; it can_t delete, move or change them."Microsoft plans to post a software patch for this security hole as soon as its standards practices will allow. Until then, the company recommends that users disable Active Scripting. If you recall the earlier "Download Behavior" bug, which also necessitated the dismissal of Active Scripting, this all-encompassing approach leaves your browser incapable of interacting with JavaScript- and VBScript-centric content. This means that you_ll have to add trusted sites to IE 5_s Trusted Sites Zone from the Security Tab within your Internet Options dialog box.