Google Engineer Finds Serious MS IE8 Flaw
Microsoft is looking into reports of a security issue in Internet Explorer 8. The problem lies with a CSS cross-origin theft issue that has been fixed in other browsers but remains open in IE, said a Google security engineer.
A description of the vulnerability was posted 3 September to the Full Disclosure mailing list by Google Information Security Engineer Chris Evans.
In a proof-of-concept, Evans demonstrated how the bug - a CSS (Cascading Style Sheets) cross-origin theft issue - could be used to force a victim to send a Twitter message.