- Home
- CVEs with oval.description==Microsoft+Internet+Explorer+9+and+earlier+does+not+properly+restrict+cross-zone+drag-and-drop+actions%2C+which+allows+user-assisted+remote+attackers+to+read+cookie+files+via+vectors+involving+an+IFRAME+element+with+a+SRC+attribute+containing+an+http%3A+URL+that+redirects+to+a+file%3A+URL%2C+as+demonstrated+by+a+Facebook+game%2C+related+to+a+%22cookiejacking%22+issue%2C+aka+%22Drag+and+Drop+Information+Disclosure+Vulnerability.%22+NOTE%3A+this+vulnerability+exists+because+of+an+incomplete+fix+in+the+Internet+Explorer+9+release.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top