Microsoft addresses XSS in Internet Explorer
Microsoft is planning to add a series of new security features to the next version of its Internet Explorer browser, including protection against cross-site scripting attacks.
A beta version of IE 8 is due out in August, and along with the XSS filter, it will include a filter designed to provide better protection against phishing attacks, features that make it easier for developers to request resources and share information across domains, and some changes to the way that ActiveX controls are handled by the browser. Specifically, developers will be able to write controls that are only available for the individual user who downloads them.
The announcement of the new security features in IE 8 came just a week after the release of Firefox 3, the latest version of IE's main competition in the browser world. Firefox 3 also includes updated antimalware and antiphishing capabilities and several other security updates. Microsoft has been fighting to repair the security reputation of IE for several years, since the initial release of Firefox, which the Mozilla Foundation has positioned as a more secure alternative to IE.