Minor leak, major headache
Scary Beasts Security
OCTOBER 21, 2010
I find this bug interesting, because at first it looks like a relatively minor cross-origin leak. But with a bit of investigation, it has major consequence. The bug is specific to Internet Explorer, and still seems unfixed (in stable versions) at the time of writing. I told Microsoft about it back in 2008. Therefore this disclosure is not an 0-day , but more like a 600-day.
Let's personalize your content