Microsoft is working on a fix to get rid of Internet Explorer 8 vulnerability that can enable serious security attacks against websites that are otherwise safe. Ironically, the flaw resides in XSS (Cross-site scripting) filter, a protection feature in Internet Explorer 8 that’s designed to prevent XSS attacks against sites.
XSS exploits allow attackers to inject malicious code into trusted websites by convincing victims to click on booby-trapped links. Microsoft’s XSS filter (which was introduced in Internet Explorer 8), or Mozilla Firefox’s NoScript add-on are designed to prevent such attacks.
The fix which will be introduced in June is the third such fix after the one in January and another in March.
David Ross of Microsoft Security Response Center has something to say on it here.