« Koobface botnet creates fake Facebook accounts to lure you to fake Facebook or YouTube page | Main | OWASP Top Ten 2010 Release Candidate 1 available for review »

Sunday, 22 November 2009

Microsoft IE8 XSS prevention feature enables XSS attacks

Dan Goodin at The Register reports that Microsoft's IE 8's Cross Site Scripting prevention feature can be used to create an XSS attack.

IE8 attempts to block XSS attacks by modifying the response, i.e. the content of the web page generated by the web server coming to the browser in response to a request. The NoScript Firefox add-on, takes the opposite approach by modifying the content of the request from the browser to the web server. Here is more information. It appears that this vulnerability is not easily fixed because it's a design flaw rather than a coding flaw.

BTW, NoScript is the second most popular Firefox Privacy & Security add-on.

Posted at 07:04 PM in Application Security |

Technorati Tags: ,

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01157148a11a970c0120a6c5a21c970b

Listed below are links to weblogs that reference Microsoft IE8 XSS prevention feature enables XSS attacks:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.

About

Subscribe to this blog's feed

Recent Posts

My Favorite Books on Risk and IT Security