IE users warned to disable JavaScript

News Ben Camm-Jones Nov 23, 2009

If you use version 6 or 7 of Microsoft's Internet Explorer browser you should disable the JavaScript function immediately.

Security experts have warned anyone using Internet Explorer 6 or 7 on a Windows XP or Windows Vista PC to take immediate steps to ensure their security.

This is because an exploit for a previously unknown flaw in the browser has been spotted in circulation.

Microsoft issues IE flaw advice

The flaw could enable a hacker to take over a computer if a surfer visited a compromised website using a vulnerable version of the IE browser.

Proof-of-concept code is already circulating on the web, with more exploit code likely to be on the way.

Security firm Symantec advised surfers to disable JavaScript in IE and to ensure their anti-virus definitions were up to date.

"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into sites, infecting potential visitors," Symantec said in a statement.

Browser help and advice

You can disable JavaScript in IE7 by going to Tools, Internet Options, click on the Security tab and then click on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.

In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.

Other versions of Internet Explorer and Windows could also be affected, Symantec warned.

EDIT: Link to original Symantec advisory added.

Great Christmas savings when you subscribe to Web User magazine. Order now and save up to 30%.