kentoh - Fotolia
I read about a recent Internet Explorer vulnerability involving cross-site scripting (XSS) that may become popular among threat actors. How can these same-origin policy XSS vulnerabilities be exploited, and what is the best way to prevent them from putting our users at risk?
Threat actors, pen testers and other security researchers will always build upon prior working exploits or attack techniques. This is especially true for security research on Web browser security, as it has become increasingly difficult to exploit fully patched Web browsers. This new Internet Explorer attack in an attacker's toolbox will help him focus on the specific target or attack being performed so he doesn't need to create everything from scratch.
David Leo, a researcher with U.K.-based security firm Deusen, disclosed a universal XSS vulnerability affecting Internet Explorer 9, 10 and 11 that allows an attacker to use a malicious website to change the contents of one of the other tabs open in a browser. This directly violates the same-origin policy that stops one website open in a browser window or tab from modifying the contents of a different website.
Protecting against these sorts of same-origin policy XSS vulnerabilities is critical in modern Web browsers because a user might, for example, be browsing entertainment websites while performing online banking in a separate tab. Having an attack originate from the entertainment website and affect the online banking would be a serious vulnerability.
Enterprises and individuals can best protect themselves by keeping their Web browsers up to date and by using a network-based antimalware device that can detect when malicious webpages are accessed.
Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)
Learn more about preventing XSS attacks
Dig Deeper on Application attacks (buffer overflows, cross-site scripting)
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.