Bofra explot hits The Register’s ad server

Early Saturday morning, the baner ad service used by The Register became infected with the Bofra/Frame exploit. If you visited The Register Saturday using Internet Explorer, and you’re not using XP SP2, it’s possible that you were infected. More details on the exploit are available here and here.

I’m posting about this since many people read The Register’s feed in FeedDemon. However, please note that this exploit would not affect you if you viewed The Register’s feed in a FeedDemon newspaper, since FeedDemon strips all suspicious code before displaying a newspaper.

10 thoughts on “Bofra explot hits The Register’s ad server

  1. Why do people still use IE ? I can’t understand it. If people were told that there car had series flaws every month they’d soon kick up a major stink.

  2. Can you _PLEASE_ start supporting Firefox officially as the embedded browser. I’ve completely stopped using IE for everything else. And many people have not been able to upgrade to XP SP 2 because of software issues. It would be great if there was no dependency on IE whatsoever so these security flaws would not affect FeedDemon users.

  3. Kevin, I would LOVE to officially support Mozilla as an embedded browser, but it’s not my call. The embeddable Mozilla control is simply too unstable and incomplete to be included in FeedDemon by default. But if you want to use Mozilla inside FeedDemon, it’s available as an unsupported feature.

  4. Nick,
    Have you considered using XPCOM to embed Mozilla instead of ActiveX? I believe the embedding should be possible without using the ActiveX control. While I understand that this may require some extra effort on your part I believe it will be worthwhile. IE is just too much of a security risk. I’m seriously considering switching to using Thunderbird’s RSS instead of FeedDemon for this reason. And that would be sad. I really like FeedDemon!

  5. That’s a nice article, but it’s not useful for FeedDemon. As the article itself explains, their embedding is “all smoke and mirrors” – it’s actually using Mozilla as an independent application and giving the illusion that it appears inside their app. This wouldn’t work for FeedDemon, since it doesn’t provide the level of control I’d need to handle events, detect feeds, provide integrated tabbed browsing, etc.

  6. I see your point. :-( Have you tried contacting one of the Mozilla foundation members? Perhaps they’d be interested in what you have to say about their lack of stable ActiveX support.

Comments are closed.