Nasty Data-Stealing Bug Haunts Internet Explorer 8

**safan80** · 09-04-2010, 02:10 PM

This bug is from December for crying out loud! All off the other browsers even Safari has it fixed!!

I'm actually happy there's a lot of browsers out there now a days. The Less sites only think about using IE the better off we are, but then again IE users keep us geeks in business

original information on it.
http://scarybeastsecurity.blogspot.c...ss-domain.html

page from today:

It works by abusing the standards relating to the loading of CSS style sheets. Approximately, the standards are:

Send cookies on any load of CSS, including cross-domain.

When parsing the returned CSS, ignore any amount of crap leading up to a valid CSS descriptor

The defense calls for browsers to enforce the content-type checking for style sheets that are loaded from other sites. The authors stipulate that strict enforcement of this policy can break a very small number of sites, so a less-strict version also is detailed in the paper.

The defense has been adopted in one for or another by Google Chrome, Mozilla Firefox, Apple Safari and Opera.

**Metroid** · 09-04-2010, 04:06 PM

Does anybody remember the last time Internet Explorer 8 had an update?

**blindbox** · 09-04-2010, 06:24 PM

Nobody remembers, because nobody cares.

Not by me

**Chrono Detector** · 09-04-2010, 07:24 PM

I never trusted Internet Explorer since version 6, it was all about security flaws and vulnerability. And yeah, I only use Internet Explorer for downloading Mozilla Firefox like that chart says, so true.

**DragoonXX** · 09-05-2010, 12:07 AM

my home install for win7 doesnt have IE...removed it using the vista AIK + 7lite (i think thats what its called, not the same maker of nlite and vlite)

**Karolis** · 09-05-2010, 12:46 AM

Originally Posted by metroid

does anybody remember the last time internet explorer 8 had an update?

2010-08-10

**Gilhooley** · 09-05-2010, 07:08 AM

Originally Posted by Karolis

2010-08-10

And it's a unified update - it replaces all previous patches:

http://www.microsoft.com/technet/sec.../MS10-053.mspx

**Truckchase!** · 09-05-2010, 12:31 PM

http://www.mozilla.org/security/know...firefox30.html

Click through to the reported dates. The issue here is that people make a story where there is nothing per market standards because it's still en vogue to bash MSFT when you have nothing else to say.

Please stop posting non-news in this section as an excuse to create some sort of flame thread.

**Sam_oslo** · 09-05-2010, 12:47 PM

These links contains details information about hacking the IE and stealing data from the browser. I thought "Discussion of Warez, crackz, and pirated copyrighted material is not permitted in this forum."

**safan80** · 09-05-2010, 01:39 PM

Originally Posted by Sam_oslo

These links contains details information about hacking the IE and stealing data from the browser. I thought "Discussion of Warez, crackz, and pirated copyrighted material is not permitted in this forum."

How is making people aware of security flaws any way associated with that subject? When web browsers have security flaws the best way for them to be dealt with is for the flaws to be disclosed, so the threat can be handled. In this case it is for IE users to use a different web browser until that bug is fixed. It still amazes me how many users continue to use IE even after they've managed to pick up malware and or viruses. I find it odd that MS has not fixed it yet on something that is a threat to their user base. There are a lot websites out there that require IE just for the ActiveX controls yet to access remote terminals. I care about security and I'm sure others do.

Thread: Nasty Data-Stealing Bug Haunts Internet Explorer 8

Thread Tools

Search Thread

Rate This Thread

Display

Nasty Data-Stealing Bug Haunts Internet Explorer 8

Bookmarks

Bookmarks

Posting Permissions