First published: Fri Jun 03 2011(Updated: )
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Explorer | =8 | |
Microsoft Internet Explorer | =5 | |
Microsoft Ie | =9-beta | |
Microsoft Internet Explorer | =7 | |
Microsoft Internet Explorer | =6 | |
Microsoft Internet Explorer | =3.0 | |
Microsoft Internet Explorer | =4.0 | |
Microsoft Internet Explorer | <=9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.