Here's a weird one. There is/are a bug or bugs in Internet Explorer and/or Firefox 2.0 that combine to make a "critical" security situation. For a technical discussion check out the PC World news item about it from this morning.
The following paragraph pretty much gets at the crux of the matter:
"While the flaw affects Internet Explorer users, it appears to be a risk only to those who already have Firefox installed. And to make matters more complicated, if a Firefox user were to click on one of the specially-written links, he would not be affected."
Seems confusing, but nobody ever said using a PC isn't "rocket science" at some level or another. Microsoft and Mozilla and other software makers do their best to shield you from the messy details of programming. Sometimes, however, it's unavoidable.
What it means is that if you're browsing the Web using IE ? but you also have Firefox 2 installed on your PC ? then you're at risk. Clicking on the wrong link or visiting a site with a poisoned banner ad, for example, could result in a successful takeover of your PC. But if you visit the same links running Firefox, no problem.
I'm not a referee in this, and neither am I a rocket scientist (and I don't even play one on TV), so I'm not going to try to point fingers at who I think is responsible. Microsoft says it's not their issue. Mozilla says it's a bug in IE but they're working to come out with a patch for Firefox soon.
In the meantime, security researcher Secunia has a couple of suggestions on how to avoid pitfalls. I endorse the first one: "Do not browse untrusted sites." But that can be easier said than done sometimes. Still, I do endorse the old saw "Be careful where you click."
The other suggestion, which is to disable the Firefox URL URI (uniform resource identifier) handler, requires that you edit the Windows registry, something I don't recommend unless you're pretty technical to start with. (Worst case, if you screw up in editing the registry, you can end up needing to completely reinstall Windows and all of your apps.)
So it sounds like, while you're waiting for the Mozilla folks to get a patch out, you should do one of two things. Either don't use IE or uninstall Firefox. Meanwhile, keep your eyes peeled for Firefox 2.0.0.5, which will contain the fix, according to the Mozilla Security Blog.
