Nasty data stealing bug-haunts internet explorer 8

[leofelix]

Nasty data stealing bug-haunts internet explorer 8

There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way that IE 8 handles CSS style sheets.

The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December....But Microsoft has not yet implemented a fix for the vulnerability...

read more

[johnshaw1917]

Thanks for sharing Leo. That is good information to know.

[Alboguy]

Here we go again. Another serious security flaw of the fabulous Internet Explorer...

[Boyfriend]

Thanks leofelix for info. Another unpatched vulnerability.

[JayCub]

Thank you Leo for keeping us updated, another reason for me to keep 7 skip 8 and cross my fingers for 9

[Newbie Comp user]

This is exactly the reason why we should use 3rd party browsers! (Firefox at the most)
Thanks leofelix!
-NCU

[INDRANIL]

Thank you leo for the information. M$ the lazy one still no patch . FF user here .

[Neo]

thx leo for info

i remember reading somewhere IE as most secured browser

[FunkY]

Good to know information. Thanks for warning leofelix

[safeguy]

thx leo for info

i remember reading somewhere IE as most secured browser

Probably over at Wilders...and they've got a good reason to state so.

Here's an interesting link:

Iron vs Firefox vs IE: Security

Basically, in terms of access rights:

IE in Protected Mode with UAC turned on runs in Low Integrity Level.
Chrome out of the box runs in Low Integrity Level..
Firefox runs in Medium Integrity Level by default (although that can be changed)

But integrity level isn't the only factor that decides how 'secure' a browser is. There are other factors that come into play such as:

a) vulnerabities in using out-dated browser
b) vulnerabilities in using plug-ins such as Flash and Java and worse still, not keeping them up-to-date
b) add-ons - untrusted ones vs trusted ones (and those that may bring further security benefits to the browser)
c) sandboxed/restricted/isolated browser using 3rd-party security software
d) whatever else that escapes my mind right now

If you ask me - it's all about how you configure your browser that makes the difference. Each has it's own strength and weaknesses - it's up to you to cover up those possible loopholes on your own if you can, if you're willing to, and if doesn't break the web browsing experience by much for you (or if you don't mind that, it's your choice)