
Simon Willison’s Weblog

Major IE8 flaw makes 'safe' sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea.
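The mitigation the post mentions is a response header, so here is an added example (not Simon Willison's code, and not Google's) of how a site could apply it site-wide: a WSGI middleware that forces `X-XSS-Protection: 0` on every response, replacing any other value an upstream handler may have set. The header name and value are the ones the post names; the app, class and helper names, and the sample application, are assumptions constructed for this example.

```python
"""Added example: WSGI middleware that sets X-XSS-Protection: 0 on every
response, the stop-gap the post describes Google using until IE8 is fixed.
Only the header itself comes from the post; the names below are assumed."""

from wsgiref.util import setup_testing_defaults

XSS_HEADER = "X-XSS-Protection"


class DisableIEXssFilter:
    """Wrap a WSGI app and force X-XSS-Protection: <value> on its responses.

    Header names are compared case-insensitively so an upstream handler
    cannot re-enable the IE8 filter by emitting a differently-cased header.
    """

    def __init__(self, app, value="0"):
        self.app = app
        self.value = value

    def __call__(self, environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            # Remove any existing X-XSS-Protection header, then append ours.
            headers = [(k, v) for k, v in headers
                       if k.lower() != XSS_HEADER.lower()]
            headers.append((XSS_HEADER, self.value))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def hello_app(environ, start_response):
    """Constructed sample app. It deliberately sets the header to '1' so the
    example shows the middleware overriding an upstream value."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("x-xss-protection", "1")])
    return [b"<p>hello</p>"]


def run_request(app, path="/"):
    """Push one request through `app` offline and return
    (status, headers, body) so the result can be inspected or asserted on."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    status, headers, body = run_request(DisableIEXssFilter(hello_app))
    print(status)
    for name, value in headers:
        print(f"{name}: {value}")
    print(body.decode())
```

Wrapping the application object (`application = DisableIEXssFilter(application)`) is enough for any WSGI-hosted site; the same header can equally be added at the web server or proxy, which is the more usual place for a blanket policy. Remove the middleware once the IE8 fix the post refers to has shipped, since `0` disables the filter for all IE8 users, not only the vulnerable builds.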

1 comment

  1. This has been a "known" problem for some time now, but it was not made public so as not to attract too many badass hackers.

    The good thing about making this public now is that Microsoft will probably fix this issue a lot sooner...

    Dirk Olbertz - 22nd November 2009 17:22
