The Register: IE-6 privacy solution backfires.
“The privacy features added in IE6 to help protect a user’s privacy by giving them direct control over cookie management allows any site to read any other site’s cookies, in effect removing all privacy. Further, this hole extends to other protocols, allowing you to execute arbitrary commands on the user’s machine as well as take over MSN Messenger,” Larholm told us.
More details on this “universal cross-site scripting” bug.
§
I am no longer accepting public comments on this post, but you can use this form to contact me privately. (Your message will not be published.)
§
© 2001–9 Mark Pilgrim