Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
References
Configurations
Configuration 1 (hide)
|
History
23 Jul 2021, 12:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
Information
Published : 2005-12-08 11:03
Updated : 2024-02-04 16:52
NVD link : CVE-2005-4089
Mitre link : CVE-2005-4089
CVE.ORG link : CVE-2005-4089
JSON object : View
Products Affected
microsoft
- ie
- internet_explorer
CWE
CWE-264
Permissions, Privileges, and Access Controls