Security feature of Internet Explorer 8 unsafe
No details about the cause of the problem have been published. According to Giorgio Maone, developer of the NoScript plug-in for Firefox, the cause is a fundamental design flaw. Maone said he discovered the problem while he and other developers were analysing the XSS protection mechanisms of various browsers. However, he told The H's associates at heise Security that he only wants to publish his findings once a fix is available, adding that anyone who knows how the XSS filter of IE8 works will have no difficulty reproducing the problem.
Unlike NoScript, which inspects outgoing client requests, the XSS protection of Internet Explorer 8 looks for suspicious code in the server's response and, if it finds any, rewrites the page before it is rendered. This apparently allows attackers to manipulate the server's response and inject arbitrary code. However, Maone said the attacker must have a certain amount of control over the content of the page the victim visits. That is typically the case on social networking sites, in forums and wikis, and in principle also in Google's applications. Google, however, disables IE's XSS filter by sending the HTTP response header X-XSS-Protection: 0, which makes its pages immune to the attack; because the filter is on unless a response says otherwise, the header has to be sent with every page. Google reportedly took this step for security reasons: the company apparently already knew about the vulnerability in IE and said it wants to protect users until Microsoft has released a patch.
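The following is an added example, not code from the article or from Google, showing the server-side opt-out the article describes: it parses a raw HTTP response, classifies what IE8's filter will do based on the X-XSS-Protection header (absent means the filter stays on, 0 means off), and rewrites a response to add the header the way Google does. The sample responses are constructed for this example; the "1; mode=block" value is one that later IE8 updates accept and is included here as an assumption about the header's grammar rather than something the article states.

```python
"""Check and set the X-XSS-Protection opt-out for Internet Explorer 8.

IE8 keeps its XSS filter enabled unless the response carries
``X-XSS-Protection: 0``, which is the header the article reports
Google sending so the filter cannot be turned against its pages.
"""

# Constructed sample responses for this example (not real captures).
RESPONSE_OPTED_OUT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"X-XSS-Protection: 0\r\n"
    b"\r\n"
    b"<html><body>filter disabled by server</body></html>"
)

RESPONSE_NO_HEADER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html><body>browser default applies</body></html>"
)

RESPONSE_BLOCK_MODE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"X-XSS-Protection: 1; mode=block\r\n"
    b"\r\n"
    b"<html><body>block mode</body></html>"
)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, headers, body).

    Header names are lower-cased; repeated headers are kept as a list so
    conflicting values can be detected rather than silently dropped.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers found")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def xss_filter_state(headers) -> str:
    """Classify what IE8 will do with its XSS filter for these headers.

    "default"  - header absent; IE8 leaves the filter enabled
    "disabled" - X-XSS-Protection: 0 (the opt-out Google sends)
    "enabled"  - X-XSS-Protection: 1
    "block"    - X-XSS-Protection: 1; mode=block (assumed grammar, see lead-in)
    "unknown"  - anything else, including conflicting duplicate headers
    """
    values = headers.get("x-xss-protection", [])
    if not values:
        return "default"
    normalised = {v.replace(" ", "").lower() for v in values}
    if len(normalised) > 1:
        return "unknown"
    token, _, params = normalised.pop().partition(";")
    if token == "0":
        return "disabled"
    if token == "1":
        if not params:
            return "enabled"
        if params == "mode=block":
            return "block"
    return "unknown"


def opt_out(raw: bytes) -> bytes:
    """Return the response with X-XSS-Protection: 0 set, replacing any
    existing value. This is the per-response change the article attributes
    to Google; it has to be applied to every page, not just the front page.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers found")
    kept = [line for line in head.split(b"\r\n")
            if not line.lower().startswith(b"x-xss-protection:")]
    kept.append(b"X-XSS-Protection: 0")
    return b"\r\n".join(kept) + b"\r\n\r\n" + body


if __name__ == "__main__":
    for label, raw in (("opted out", RESPONSE_OPTED_OUT),
                       ("no header", RESPONSE_NO_HEADER),
                       ("block mode", RESPONSE_BLOCK_MODE)):
        _, hdrs, _ = parse_response(raw)
        print("%-10s -> %s" % (label, xss_filter_state(hdrs)))
    _, hdrs, _ = parse_response(opt_out(RESPONSE_NO_HEADER))
    print("after opt_out -> %s" % xss_filter_state(hdrs))
```

The classifier treats a missing header as "default" rather than "disabled" on purpose: that distinction is exactly the one that matters here, since a site that sends the opt-out on some responses but not others still leaves the filter active on the unprotected pages.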
- Reddit Attacked by XSS Exploit, a report from The H.