In the wake of Microsoft’s announcement Saturday that Internet Explorer versions 6 through 11 were at risk for attacks from malicious websites, the U.S. Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) issued a bulletin advising users to cease using IE until a patch is made for this serious security issue. Sauce Labs has been working to assess the impact of this issue on our users.
The vulnerability allows the creator of a web page to gain complete control of a user’s computer. Because Sauce Labs' virtual machines are restored from a pristine image for every test, there is nothing on the VM that would be of value when a test starts, and nothing left over from previous tests. Using the IE vulnerability, an attacker with control of a customer's test site could only gain access to that test site. Therefore, we believe it is safe to use IE on Sauce Labs.
There is one danger Sauce Labs users should be aware of: within a session, if you navigate to a malicious website, an attacker with control of that site could gain access to the rest of your test session. To avoid exposure to this and other browser vulnerabilities, we recommend that our users avoid navigating to untrusted sites while they test on Sauce.
We take security very seriously. If any further issues do arise in the future, we will address them here.