[thelist] FYI - IE cross domain cookie bug..

Daniel J. Cody djc at members.evolt.org
Fri Nov 9 15:23:36 CST 2001


Apparently, the security hole allows malicous sites or HTML formatted 
emails to read cookies from domains oursite their own. e.g. a malicous 
page on ebay.com could read a cookie set by amazon.com

No patch yet. Fix is to disable active scripting and wait.


More information about the thelist mailing list