If this article is accurate, Microsoft's response is inadequate. Basically, don't use the back button on untrusted sites.
Quote:
The problem is caused by what can politely be described as a design flaw in Explorer. When a Web page fails to load, Explorer displays a standard error message. This message is set to operate in the "Local Computer Zone" security setting, which by default allows scripting to run automatically.
Any code inserted in the original URL is handled as if it comes from the same security zone as the last URL viewed. So a URL containing malicious JavaScript that might be blocked by default if a user visits the site directly, will be automatically triggered when the user presses the back button.
... [discoverer] Sandblad suggested the usual fix for browser woes; disable active scripting.
I guess "Local Computer Zone" means "Local Intranet" in Internet Options? In the typical home setup, no network other than an internet connection, why not just set security at the same level for all four icons (Win98, IE 5):
-Internet
-Local Intranet
-Trusted Sites
-Restricted Sites
OK, maybe higher on the last one! But the first three could be set high, or medium + script blocking, right?
Wouldn't that work for most people? Who needs local active scripts? I guess that's just what Sandblad is saying.