Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: Microsoft investigates public IE CSS XSS flaw; Twitter, Hotmail vulner

08 Sep 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Microsoft investigates public IE CSS XSS flaw; Twitter, Hotmail vulner

Quote:
Microsoft investigates public IE CSS XSS flaw; Twitter, Hotmail vulnerable
Late last week, a security flaw in Internet Explorer 8 was publicly disclosed to the Full Disclosure mailing list. The flaw allows attackers to steal private information from online services such as web mail and Twitter, allowing attackers to, for example, delete e-mails or send tweets from their victims' accounts.

The post was made by Google employee Chris Evans. He stated that the reason for going public was to try to persuade Microsoft to fix the problem—the new flaw is a variant on an older attack, and the details of the flaw were made public in a paper authored by Carnegie Mellon students that Evans reviewed. While the other major browser vendors have made fixes to their browsers to prevent attack—Chrome 4.0.249.78, Safari 4.0.5, and most recently Firefox 3.6.7 and 3.5.11 all include protection against the flaw—Microsoft has thus far failed to update Internet Explorer to provide protection.

The attack compromises the same-origin policy. The same-origin policy is designed to prevent scripts from one domain from accessing data belonging to another domain. For example, a script from example.org should not be able to access cookies or page content from twitter.com. These attacks, where one site (controlled by the attacker) compromises the secret data of another site, are called cross-site scripting (XSS) attacks. There are many different ways that a site on one domain can embed content from another domain; images are commonly embedded in this way, as are Flash movies to deliver content from sites like YouTube.
More -
Microsoft investigates public IE CSS XSS flaw; Twitter, Hotmail vulnerable

My System SpecsSystem Spec
.

Reply

 Microsoft investigates public IE CSS XSS flaw; Twitter, Hotmail vulner





Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 06:03 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33