« Web Application Scanners Comparison | Main | Heartland Sniffer Hid In Unallocated Portion Of Disk »

Microsoft Fixes Clickjacking in IE8?

"Microsoft has introduced a release client version of its latest browser, Internet Explorer 8 (IE8), and the new iteration of the application includes several security improvements, including a noteworthy attempt to address the emerging problem of clickjacking attacks.

For those who don't recall, clickjacking is a relatively new technique -- first detailed in mid-2008 by researchers Jeremiah Grossman and Robert Hansen, among others -- which involves using widely-available vulnerabilities to take control of an end user's browser.

The idea is that simply by tricking a visitor into arriving at an infected URL, an attacker can manipulate the affected end users' browser session to get them to do just about anything the hackers desires, such as downloading malware, and at the time it was first reported publicly, there were clickjacking vulnerabilities available in just about every major browser, including IE7.

Now, to carry out these kinds of campaigns, obviously the involved attackers need to both subvert Web sites (the more legitimate the better) and have the browser vulnerabilities available that allow them to deliver their code."

Read more: http://securitywatch.eweek.com/exploits_and_attacks/microsoft_goes_after_clickjacking_in_ie8.html


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

what about Mozilla ??

did they fix up this vulnerability in Mozilla ??

I have no idea what plans Mozilla has to fix this in Firefox.

Hey thanks for sharing.
M sure soon it will be fixed even in Mozilla too.
IE's main drawback has always been its security problem. M sure this one will work well.

Mozilla has always satisfied me. And go to IE will not. Suppose that the safety statistics.