Home page logo
/

bugtraq logo Bugtraq mailing list archives

Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100
From: Derek Johnson <dqj () btinternet com>
Date: 26 Nov 2001 06:54:48 -0000



If a user sets the option

"Prompt to allow cookies to be stored on your 
machine"

I have found that this can be bypassed in ME by local 
Javascript code directly setting a cookie. 

A request to disable the storing of cookies is honored 
but not the option to prompt before storing them.

Hence it is insecure to set this option with Javascript 
enabled. It is no known if this is fixed by any 
combination of patches issued by Microsoft. 


  By Date           By Thread  

Current thread:
  • Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100 Derek Johnson (Nov 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]