IE may share Mozilla 'shell:' flaw

A security firm is claiming that Internet Explorer may also have the vulnerability that was announced for the Mozilla browser last week

Mozilla, the browser that's weaning a portion of the Internet Explorer faithful away from Redmond's offerings, discovered last week that it had a security hole – not good news for a browser that's been touted by followers as a winner on security. This week, it seems the very same hole could be turning up in IE.

Secunia, which tracks software vulnerabilities and shared Mozilla's flaw with the public, has announced that IE could be equally vulnerable.

The flaw means that MSN Messenger and Word could allow malware merchants to run programs via embedded links included in Word documents or IM messages as it doesn't protect access to the "shell:" functionality.

The Mozilla Foundation has already issued a patch. Microsoft is investigating the possibility of Internet Explorer being vulnerable to the same flaw but has heard of no reported cases of the hole being used as a basis for attacks.