Imperva Warns of XSS Vulnerability in IE
Microsoft says the problem is not considered a vulnerability.
Imperva researchers are warning of a problem with the way double quotes are encoded by Internet Explorer that can allow hackers to conduct cross-site scripting (XSS) attacks.
"Imperva claims to have notified Microsoft about the issue, but was told by the software company that this behavior is not considered a vulnerability and will not be fixed in a security update," Constantin writes. "The behavior might, however, get changed in a future IE version, Microsoft allegedly said."
Go to "IE URI encoding behavior facilitates XSS attacks, researchers say" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.