ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XSS Bug in fully patched IE

    Scheduled Pinned Locked Moved IT Discussion
    internet explorer
    1 Posts 1 Posters 737 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • nadnerBN
      nadnerB
      last edited by nadnerB

      I put this under IT Discussion because putting it under News is like saying "I found another hole in my Swiss cheese this morning".

      The flaw "allows attackers to bypass browser security to steal user credentials and launch phishing attacks"
      http://www.itnews.com.au/News/400047,dangerous-xss-bug-discovered-in-fully-patched-ie.aspx?eid=1&edate=20150205&utm_source=20150205_AM&utm_medium=newsletter&utm_campaign=daily_newsletter

      *The proof-of-concept detailed alongside the bug disclosure shows that when a user opens a targeted page in IE 11 on Windows 7 or 8.1, a link appears on what looks to be a legitimate website.

      When the link is clicked, the site opens in a new window. The new window continues to display the legitimate domain name, but the site reappears after a number of seconds with text chosen by the attackers*

      1 Reply Last reply Reply Quote 1
      • 1 / 1
      • First post
        Last post