14 DAY TRIAL // Internet Explorer, the browser included into the famous operating system Windows, is again brought into spotlights although the folks from the Redmond company didn't do anything for it. Security company Secunia reported a flaw in both Internet Explorer 6 and Internet Explorer 7 that might allow an attacker to obtain your private FTP usernames and passwords. Although Secunia rated the flaw as not critical, it's an obvious sign that Microsoft's software solution is also vulnerable to attacks and sometimes it's not the best alternative for other rivals such as Mozilla's Firefox.
"FTP site, the username and password is stored in the file (e.g. an HTML file) when viewing and then saving (using "File" -> "SaveAs") it. This may lead to exposure of the username and password if a user e.g. uploads the saved file or makes it otherwise accessible to other people. The weakness is reported in Internet Explorer version 6 and 7 (when using the "Open FTP Site in Windows Explorer"). Other versions may also be affected," Secunia mentioned in the advisory.
At this time, there is only one solution available: "do not make files (e.g. HTML files) that were opened and then saved via an FTP session in Internet Explorer available to others."
This is quite an image hit for the Redmond giant because some of the users might think to replace the Microsoft application with another browser such as Mozilla Firefox or other solution available on the market. Moreover, since there is no official solution to avoid the successful exploitation of the security hole, some of the consumers might decide to choose another browser and avoid the vulnerabilities discovered in Internet Explorer.
As you might know, Internet Explorer is currently involved into an important battle for the leadership of the domain with very powerful rivals such as Apple's Safari or Mozilla's Firefox.