Microsoft downplays IE 'cookiejacking' bug

Security 10756 Published 2011-05-27 20:47 by Philipp Esselbach

News

Microsoft today downplayed the threat posed by an unpatched vulnerability in all versions of Internet Explorer (IE) that an Italian researchers has shown can be exploited to hijack people's online identities.

From Computerworld:

The bug, which has been only discussed and not disclosed in detail, was part of an attack technique described by Rosario Valotta, who dubbed the tactic "cookiejacking," a play on "clickjacking," an exploit method first revealed in 2008.

Valotta combined an unpatched bug, or "zero-day," in IE with a twist on the well-known clickjacking tactic to demonstrate how attackers can steal any cookie for any site from users duped into dragging and dropping an object on a malicious Web page.

Microsoft downplays IE 'cookiejacking' bug

Verbatim Store 'n' Go FireWire 800 / USB 3.0 for Mac Review

6 Changes in Windows Phone Mango Target Business Users

Windows

Microsoft 11740
MS-DOS 4.0 Source Code released
2024-04-26 12:21 by Philipp Esselbach
Drivers 2879
AMD Radeon Software Adrenalin 24.4.1 released
2024-04-26 09:01 by Philipp Esselbach
Microsoft 11740
TypeScript 5.5 Beta released
2024-04-26 07:03 by Philipp Esselbach

Linux

Fedora Linux 8559
PHP 8.2.19 RC1 and 8.3.7 RC1 for Fedora/RHEL released
2024-04-26 14:29 by Philipp Esselbach
Software 42306
AM 6.6.3 released
2024-04-26 07:05 by Philipp Esselbach
Debian 9905
Putty and pdns-recursor security update for Debian
2024-04-26 06:54 by Philipp Esselbach

macOS

Apple 10159
watchOS 10.5 Beta 3 released
2024-04-24 06:52 by Philipp Esselbach
Apple 10159
tvOS 17.5 Beta 3 released
2024-04-24 06:52 by Philipp Esselbach
Apple 10159
visionOS 1.2 Beta 3 released
2024-04-24 06:52 by Philipp Esselbach

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...