Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major IE8 Flaw Makes "Safe" Sites Unsafe

Posted by kdawson on from the keep-your-scripts-to-yourself dept.

After this weekend's report of a dangerous flaw in IE (which Microsoft confirmed today), intrudere points out an exclusive report in The Register on a new hole in IE8 that could allow an attacker to pull off cross-site scripting attacks on Web sites that ought, by rights, to be safe from XSS. This is according to two anonymous sources, who told El Reg that Microsoft had been notified of the vulnerability a few months ago.

3 of 83 comments (clear)

  1. That seems like a really strange thing to do... by argent · · Score: 3, Interesting

    It seems to me that if the IE team is capable of telling that a combination of features is potentially dangerous, then why would they edit the source of the page to avoid triggering the vulnerability, rather than actually eliminating the vulnerability being attacked?

  2. Re:In other news by DJRumpy · · Score: 2, Interesting

    That's the clincher. I can only imagine how many corporations are in the same boat as mine. Tons of IE6 specific apps and XP due to the Vista fiasco. I'm still waiting for an IE upgrade, years after 7 and 8 have been released. It's about as insecure as you can get, yet they still use it.

    This alone should teach the dangers of relying on a single vendor too much. What's odd is they are actually very good about this on any other platforms, but they wear blinders when it comes to Microsoft products.

  3. Re:See, Microsoft is right by TheVelvetFlamebait · · Score: 2, Interesting

    We do. It's called -1 Troll.

    --
    You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.