Slashdot Mirror


IE8's XSS Filter Exposes Sites To XSS Attacks

Blue Taxes writes "The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat. The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS." Here is the researchers' backgrounder (PDF) on the attack. Microsoft says that they have issued two patches that address the issue, but the researchers insist that holes remain.
Update: 04/20 14:06 GMT by KD : Microsoft's Security Response Center has issued a statement on the vulnerability.

6 of 84 comments (clear)

  1. More reason to... by Anonymous Coward · · Score: 5, Funny

    stick to IE6. Long live Internet Explorer 6!

    1. Re:More reason to... by julesh · · Score: 3, Funny

      stick to IE6. Long live Internet Explorer 6!

      Why stick with 6? I'm using IE3. When was the last time you heard of an IE3 exploit being released? I'm considering a switch to Netscape Navigator 1.1, just in case.

  2. Re:My first! by Fluffeh · · Score: 4, Funny

    Close, but no cigar.

    Really, if you want a first post, subscribe to the site. You will get your silly kicks, and the rest of us will at least know you are making a valuable contribution to the site by paying the rest of the users to be silly.

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  3. Re:Microsoft's response by Z00L00K · · Score: 5, Funny

    As usually they have a disclaimer too:

    *This posting is provided "AS IS" with no warranties, and confers no rights*

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  4. Re:Microsoft's response by gzipped_tar · · Score: 5, Funny

    Nah, it's more like this:

    $ make meal
    [tons of compiler output]
    $ ./meal
    Segmentation Fault. Core dumped.

    --
    Colorless green Cthulhu waits dreaming furiously.
  5. Re:Not my site... by grrowl · · Score: 5, Funny

    I'm sure your user will be deeply affected by this.