Internet Explorer is one of the most popular web browsers today. It is user friendly and easy to use, has a nice user interface, and after many revised versions it is only becoming more popular among the masses. In spite of strong competition from Chrome and Firefox, most users still want to use Microsoft’s Internet Explorer.
The latest version of Internet Explorer currently in use is IE8. Although this version is very good for browsing web pages, it has some security concerns. The latest one came to light late last week. This security flaw allows a web attacker to steal private information from mail and networking sites like Twitter. This is a very serious concern because an attacker can delete your e-mails or send tweets. The attacks have become a problem for Microsoft Corporation, which is now investigating. The attackers use CSS to get around the browser's security; CSS is used to control the fonts, colors and layout of HTML pages. They used CSS because it is a format the web browser interprets. CSS is very liberal in what it accepts, which makes it vulnerable. Maybe in the future we will get an improved version of CSS. One of its properties, fault tolerance, also contributes to the security flaw in Internet Explorer.
The infected or malicious pages tell the browser to embed other pages and try to have those pages treated as if they were CSS. HTML is normally too different from CSS to be parsed as CSS, but if the embedded page is written in the right manner it can look like CSS. There are some safeguards against this: a string must be enclosed in double quotes, and the end of the string is also required. In most cases this does not eliminate the problem, but that does not mean these security flaws cannot be prevented.
Internet Explorer is an exception in this case. You can put line breaks inside a string and it will still embed the string: when line breaks are present, its CSS parser treats everything as part of the string. When you tweet on Twitter, the tweet is interpreted as CSS and ends up embedded in the font family rather than being closed off by the double quotes. Internet Explorer treats tweets as a font name. When you sign in or tweet on Twitter, an authentication token is required; it is used to prevent other sites from getting information from Twitter. This authenticity token is the standard and best method of preventing CSS XSS attacks in Internet Explorer.
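The parsing difference described above, as an added example that is not part of the original article: a minimal JavaScript model of a quoted CSS string reader, run once with the rule that a line break ends the string and once carrying on across line breaks, as the article says Internet Explorer does. The function names, the sample page and its token value are constructed for illustration.

```javascript
// Added illustration (not from the article): a minimal model of reading a
// quoted CSS string. Hex escapes are not modelled.
//   lenient = false: an unescaped line break makes the string invalid
//   lenient = true:  line breaks stay inside the string, the behaviour the
//                    article attributes to Internet Explorer
function readCssString(text, openIdx, lenient) {
  const quote = text[openIdx];
  let out = "";
  for (let i = openIdx + 1; i < text.length; i++) {
    const ch = text[i];
    if (ch === "\\" && i + 1 < text.length) {
      const next = text[++i];
      if (next !== "\n") out += next; // backslash + newline is a continuation
      continue;
    }
    if (ch === quote) return out; // properly closed string
    if ((ch === "\n" || ch === "\r") && !lenient) return null; // value dropped
    out += ch;
  }
  return out; // end of input closes an open string
}

// Value of the first quoted font-family found in `body`, or null.
function fontFamilyValue(body, lenient) {
  const m = /font-family\s*:\s*(["'])/.exec(body);
  if (!m) return null;
  return readCssString(body, m.index + m[0].length - 1, lenient);
}

// True when `secret` would end up inside the parsed font name.
function exposes(body, secret, lenient) {
  const value = fontFamilyValue(body, lenient);
  return value !== null && value.includes(secret);
}

// Constructed sample: two user-supplied fields on separate lines with a
// per-session token on the line between them.
const TOKEN = "CONSTRUCTED-TOKEN-123";
const SAMPLE_PAGE = [
  `<div class='post'>font-family:"</div>`,
  `<input name='authenticity_token' value='${TOKEN}'>`,
  `<div class='post'>"</div>`,
].join("\n");

console.log("strict :", exposes(SAMPLE_PAGE, TOKEN, false));
console.log("lenient:", exposes(SAMPLE_PAGE, TOKEN, true));
```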
Microsoft is investigating these CSS XSS flaws, but no perfect solution is available on the Microsoft website. The same security flaw is even present in the Internet Explorer 9 Beta editions. All previous versions have the same security problem, and this is not the first time a Google employee has detected this type of problem in a Microsoft product.