Tuesday’s Update for Internet Explorer updates the IE9 Help > About dialog’s version number to v9.0.2. The update includes a number of security and functionality fixes; many of these fixes are described in the More Information section of KB2559049. One fix enables the IE9 Download Manager to properly save files on network drives where the user has limited permissions. Another fix helps ensure that IE8 can properly access sites that advertise IPv6 addresses when those sites are not reachable over IPv6 due to configuration errors on the site or the user’s network.
Two of the security-related changes impact obscure Internet Explorer behaviors in all supported browser versions (6 to 9)—I’ll discuss both of these changes in this post.
HTTP/HTTPS pages cannot use the File:// Protocol
Prior to this update, Internet Explorer would permit HTTP- and HTTPS-delivered pages to utilize resources (e.g. in IMG, SCRIPT, LINK, and IFRAME tags) that are delivered using the file:// protocol scheme. IE would only block loading of resources from the local computer (e.g. file:///C:/temp/test.gif), but resources from non-local paths would be allowed. Here’s an example page displayed in IE 9.0.1:
Read more: EricLaw's IEInternals
QR:
Posts
