[thelist] FYI - IE cross domain cookie bug..

Daniel J. Cody djc at members.evolt.org
Fri Nov 9 15:23:36 CST 2001


http://news.cnet.com/news/0-1005-200-7828689.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-055.asp

Apparently, the security hole allows malicous sites or HTML formatted 
emails to read cookies from domains oursite their own. e.g. a malicous 
page on ebay.com could read a cookie set by amazon.com

No patch yet. Fix is to disable active scripting and wait.

.djc.





More information about the thelist mailing list