Comments on: Microsoft: New IE flaw limited in scope

A security bug in Internet Explorer discovered this week mostly affects users of certain developer tools, the software giant says.

[cjohn17]

The Deepest Sigh

Another day, another flaw. It the gift that keeps on giving.

[Andrew J Glina]

True

But it was Apple yesterday and it was the current product, not just a old developers tool.

Same flaw, different DLL.

What's wrong with IE is scripting should not be enabled in the Internet Zone. There should be no way to enable it in that zone nor should it's default be set to enable nor should the customer be constantly hammered with prompts to enable scripting. No site should be able to arbitrarily run code on a customers computer unless the site is trusted by that customer.
Unfortunately 3/4 of the web would have to be redesigned as most sites look for IE's user agent and serve up scripting based on that. Visit the same site with Firefox and it works without the scripting support yet these sites refuse to render properly with a secured IE. This site for instance is riddled with scripts of every variety and it is in my Trusted Sites list or it wouldn't render properly. For casual surfing to all manner of various nefarious internet sites scripting of any sort simply should not be enabled by default.
Until Microsoft gets this through their thick head IE will always have problems. It's this DLL today and tommorro it'll be some other.