Microsoft has officially released Internet Explorer 8 today [microsoft.com] with a number of new security features to improve privacy and protect against phishing and cross-site-scripting attacks. From the article:
Microsoft is trying to mitigate some of the common issues with a cross-site-scripting (XSS) filter, which protects against Type-1 XSS attacks. The filter in IE 8 monitors all of the requests and responses made by the browser and automatically disables XSS attacks when they’re detected. When an attack is blocked, users will be alerted with a modified version of the requested page. The browser also has a built-in feature that analyzes URL strings and highlights the top-level domain in the address bar to prevent a person being victimized by website spoofing.
Microsoft also addressed the growing need for privacy while browsing certain websites. A new feature called InPrivate browsing mode enables users to control whether IE saves a record of their browsing session. Similar to the Incognito mode in Google’s Chrome browser, InPrivate in IE 8 won’t save cookies, passwords, browsing history or any other record if it is enabled. Microsoft said InPrivate also prevents form data, passwords and temporary Internet files from being stored, keeping the session completely private.
IE 8 also includes a feature to block clickjacking attacks, preventing users from clicking an obscured or hidden Web element. The feature detects a website header designed by Web developers that declares how many frames a sensitive Web page can contain. Microsoft says the technique is not perfect, but will substantially mitigate the threat of clickjacking on sensitive websites.
Read the full article [techtarget].