Microsoft » Internet Explorer » 5.5 sp1 : Security Vulnerabilities, CVEs, Published In 2011 (Information Leak)
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
Max CVSS
4.3
EPSS Score
2.29%
Published
2011-06-03
Updated
2021-07-23
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
Max CVSS
4.3
EPSS Score
0.58%
Published
2011-12-07
Updated
2021-07-23
2 vulnerabilities found