Understanding Enhanced Protected Mode

Last week, Andy Zeigler announced the introduction of Enhanced Protected Mode (EPM) over on the IEBlog. In today’s post, I’d like to provide further technical details about EPM to help security researchers, IT professionals, enthusiasts, and developers better understand how this feature works and what impact it may have on scenarios they care about. Internet…

53

Mind Your Parameters

A recent blog post reminded me that I should blog about a bad pattern we saw a few months back while trying to fix some application compatibility bugs with IE10. It turns out that a lot of applications that want to invoke a webpage call ShellExecute without reading the documentation for the parameters of that function.    HINSTANCE ShellExecute( …


Internet Explorer 10 Consumer Preview Minor Changes List

Continuing on from last year’s IE9 Minor Changes list, this post describes minor changes you can find in Internet Explorer 10 in the Windows 8 Consumer Preview. There are many changes that I will not be covering, please do not mistake this for a comprehensive list, and please note that I’m deliberately skipping over the…

7

Beware Silly Similes

Recently, there was a blog post which described a browser security feature as “like a seat-belt that snaps when you crash.” This wasn’t a particularly noteworthy event because similes are pretty common in our field. Almost everyone likes similes because they enable the simplification of highly technical topics into easily-conceptualized terms that anyone can understand….


The Hazards of Browser Quirks, continued

My First Law of Browser Quirks was introduced a while ago: If there’s a way for a site to take dependency on a browser quirk, and break if that quirk is removed, it will happen. The Second Law of Browser Quirks is: If there’s a way for a site to combine a set of browser…

1