Back To Start Of Archive
Taken From The Forum: Help & Support for DHTML Menu Version 5+
Forum Topic: Click to view post
Last Updated: Saturday July 14 2012 - 06:07:40
IE Critical Security Update Q828750 kills menus?
Poster: clmensch
Dated: Thursday February 26 2004 - 22:35:00 GMT
One of our users has been complaining that he is not seeing any menus in IE6 since his company installed the IE Security Update Q828750 (http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp). Is this a known issue? He said his company tech support told him that our site uses a DHTML security hole! We could not find any information on this topic in the forum, and can not replicate the problem ourselves...we applied the update and the menus still work fine. The only mention of DHTML in the security bulletin (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-040.asp) is this:
Quote:
In addition, a change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone. It could be possible for an attacker exploiting a separate vulnerability (such as one of the two vulnerabilities discussed above) to cause Internet Explorer to run script code in the security context of the Internet Zone.
Just to be sure, I attempted to update Milonic to the current version (5.04). I copied/overwrote all of the .js files in our test server's "/js/menu" directory except for "menu_data.js" with the .js files in the 5.04 update .zip file, but now receive the following error when accessing the site:
Code:
Error: _drawMenu is not defined
Source File: http://192.168.1.112/js/menu/milonic_src.js
Line: 16
Source File: http://192.168.1.112/js/menu/milonic_src.js
Line: 16
Could I possibly be missing some information in our custom menu_data.js file? It is not clear what, if any, changes need to be made to our implementation of the Milonic objects to bring them up-to-date. We were using version 5.0 up until this point. Thoughts?
Poster: Maz
Dated: Thursday February 26 2004 - 23:52:18 GMT
Sounds like you have it correct, a url would be helpful to see if there is something wrong on menu-data.
This reminds me of jolly old England, when they put a tax on windoze no one got any light, in this case they may as well block off the internet then they wouldn't have to worry about security holes, so this is the answer to Bill Gates doing something about security
maz
Poster: Andy
Dated: Friday February 27 2004 - 10:33:02 GMT
Hi clmensch,
I can assure you that the menu isn't being blocked by the "October 2003, Cumulative Patch for Internet Explorer (828750)"
We run the very latest versions of ALL Microsoft software here and this WILL include the above patch. We see no problems with the menu and this is the first time this problem has been brought to my attention.
As the patch was released in October 2003 and due to the very high number of menu users, we would have heard something long ago if the patch did have an effect.
With regard to the menu not working on your local machine, http://192.168.1.112 - My guess is that the file locations are not being declared properly in the <SCRIPT> tags.
Hope this helps
Andy
File locations didn't change
Poster: clmensch
Dated: Friday February 27 2004 - 17:05:14 GMT
Thanks...I had a feeling that the security update was not the issue.
I double checked the file locations in the script, and they seem to be OK. I did not alter any of the script tags when updating...I simply overwrite the old .js files with the new .js files...except for our custom menu_data.js. But the error is occurring in milonic_src.js. I'll continue playing with it...
Re: File locations didn't change
Poster: kevin3442
Dated: Friday February 27 2004 - 17:14:29 GMT
clmensch wrote:
...But the error is occurring in milonic_src.js. I'll continue playing with it...
js error messages are often not very helpful, particularly from IE. The error message shows that the error takes place while something is being processed in milonic_src.js, but that doesn't mean that that there is an error in that particular code, at that particular location. In other words, the message results from a problem further up stream in the processing.
I'd suggest this: download another update, just to make sure something didn't get changed during the download. Upload milonic_src.js, mmenudom.js, and mmenuns4.js again, replacing the current ones one your site. Make sure the upload is in plain text. Trying this again will at least go some measure toward eliminating the possibiliy that there was a problem that changed a file during the download or the upload.
Kevin
fixed?
Poster: clmensch
Dated: Friday February 27 2004 - 18:04:31 GMT
Well, I downloaded the 5.03 update, and replaced our current version with it, and we still got the same error. I tried copying it over AGAIN, just for kicks, and the error disappeared! Then I tried copying over the files with the 5.04 source, and the error was gone in that version as well! Odd. I swear we did not touch the code one bit...just copied files. Well, whatever works. We wrote to our user who was having issues, so now we'll just wait to hear if the update solves his problem.
By the way, I found the error in milonic_src.js by using Mozilla's (far superior) javascript debugging console. The IE error was ambigous ("Object Expected", line 17 in the source html file, not the js file), which is no surprise.
Thanks again for your help...