Friday, November 20, 2009

IE8 XSS protection introduces XSS vulnerability to sites

Breaking the web in new and exciting ways: IE8 bug makes 'safe' sites unsafe
"The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe.

The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago, they said.

Ironically, the flaw resides in a protection added by Microsoft developers to IE 8 that's designed to prevent XSS attacks against sites…"
