[ Thanks to dmitchell for
this link. ]
“Microsoft today acknowledged a security problem with its Web
browser that could let a malicious Web site operator rifle through
visitors’ files.”
“Like many browser security problems, this one has to do with
scripting technology, which lets a Web site execute actions on
a user’s computer without the user’s interaction.”
“For security reasons, browsers typically restrict the kinds of
things a Web site can do with scripts. But in this case,
Microsoft’s Internet Explorer 5.0 browser fails to restrict scripts
when they are executed from within smaller windows within a Web
site called frames.”
“The security hole is typical of the type regularly reported by
Bulgarian bug hunter Georgi Guninski. Guninski, who first reported
this bug, has reported many others in browsers from both Microsoft
and America Online’s Netscape unit.”