Oh the irony! Internet Explorer’s XSS filter, which was designed to prevent cross-site scripting attacks, can be exploited to carry out attacks that wouldn’t have been possible otherwise.
XSS, or cross-site scripting, is a type of vulnerability that allows attackers to inject client-side script into web pages. A successful XSS attack can even allow the attacker to gain unrestricted access to the user’s personal profile and other sensitive information.
The IE8 XSS Filter vulnerability affects almost every website that lets users create profiles. Google.com, Wikipedia.org and Twitter.com are some of the high-profile sites affected by this attack.
According to Jerry Bryant, a spokesman for Microsoft’s security response team, most of the problems were fixed in the MS10-002 security patch, which was issued earlier this year. The MS10-018 cumulative security update for Internet Explorer made further changes to the XSS filter to reduce the security implications. However, not all of the issues have been fixed. Some websites, like Google, have begun to proactively disable the XSS filter. Until the issue is completely taken care of by Microsoft, regular Internet Explorer users may be better served by switching to an alternative browser.
Microsoft Internet Explorer’s XSS Filter Can Be Abused to Execute Cross-site Scripting Attacks originally appeared on Techie Buzz written by Pallab De on Tuesday 20th April 2010 11:23:56 AM. Please read the Terms of Use for fair usage guidance.