Hi Geeks,

There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way that IE 8 handles CSS style sheets.

The vulnerability can be exploited through an attack scenario known as cross-domain theft. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera have all implemented a simple defense mechanism. Mozilla was the last to fix the issue, in July. But Microsoft has not yet implemented a fix for the vulnerability. Microsoft Security Response Center officials said they are aware of the issue and are investigating it.

Here's the explanation of the problem in the original post in December:

It works by abusing the standards relating to the loading of CSS style sheets. Approximately, the standards are:

- Send cookies on any load of CSS, including cross-domain.
- When parsing the returned CSS, ignore any amount of crap leading up to a valid CSS descriptor.

By controlling a little bit of text in the victim domain, the attacker can inject what appears to be a valid CSS string. It does not matter what precedes this CSS string: HTML, binary data, JSON, XML. The CSS parser will ruthlessly hunt down any CSS constructs within whatever blob is pulled from the victim's domain.

The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data.

This attack works on the latest, fully patched release of IE8, Microsoft's flagship browser. The defense has been adopted in one form or another by Google Chrome, Mozilla Firefox, Apple Safari and Opera.

"That's a dangerously long time for such a bug to be live and known by hackers."

"Browsers are complicated pieces of software and will always have bugs. Time-to-fix therefore matters for a browser. If security is a factor in your browser choice, it's recommended you look at Opera or Chrome. These browsers fixed this bug the fastest."
Ref: http://groups.google.com/group/nforceit/web/cascading_style_sheets.pdf

Cheers,
0xN41K
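
Added example, not part of the original post: a sketch of the loading decision that separates the lax behaviour described above from a stricter one. The post does not say what the browsers' defense is; this assumes a strict Content-Type check on cross-origin style sheets, and all function names, URLs and sample responses are constructed for illustration.

```javascript
'use strict';
// Added illustration: names, URLs and sample responses below are constructed.

// Media type from a Content-Type header value, without parameters.
function mediaType(contentType) {
  if (typeof contentType !== 'string') return '';
  return contentType.split(';')[0].trim().toLowerCase();
}

function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Lax loader, as the post describes: every response reaches the CSS parser,
// which then skips leading non-CSS bytes until it finds a construct it can parse.
function laxAccept(_pageUrl, _sheetUrl, _contentType) {
  return true;
}

// Strict loader (assumed defense): a cross-origin response is only parsed as
// CSS when the server itself labelled it text/css.
function strictAccept(pageUrl, sheetUrl, contentType) {
  if (sameOrigin(pageUrl, sheetUrl)) return true;
  return mediaType(contentType) === 'text/css';
}

// Page that references the style sheets (constructed).
const PAGE = 'https://untrusted.example/page.html';

// Constructed responses to <link rel="stylesheet"> loads issued by PAGE.
const SAMPLES = [
  { sheet: 'https://untrusted.example/site.css', type: 'text/css' },
  { sheet: 'https://cdn.example/theme.css', type: 'text/css; charset=utf-8' },
  { sheet: 'https://mail.example/inbox', type: 'text/html; charset=utf-8' },
  { sheet: 'https://api.example/profile', type: 'application/json' },
  { sheet: 'https://files.example/report', type: undefined },
];

// Apply a policy to every sample and report which responses get parsed as CSS.
function evaluate(policy) {
  return SAMPLES.map((s) => ({
    sheet: s.sheet,
    parsed: policy(PAGE, s.sheet, s.type),
  }));
}

for (const r of evaluate(strictAccept)) {
  console.log(`${r.parsed ? 'parse ' : 'reject'}  ${r.sheet}`);
}
```

Under the strict policy, the HTML, JSON and unlabelled responses from other origins never reach the CSS parser, so its tolerance for leading non-CSS content no longer matters for them.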
