Information Disclosure Vulnerability in Internet Explorer by Microsoft
CVE-2002-2435

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Ie
Vendor: CVE Published:; 7 December 2011

Summary

The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier contains a flaw in the handling of the :visited pseudo-class. This vulnerability could allow remote attackers to access sensitive information regarding which web pages a user has previously visited by exploiting a specially crafted HTML document. The issue compromises user privacy and could be related to subsequent vulnerabilities like CVE-2010-2264.

References

http://w2spconf.com/2010/papers/p26.pdf

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/71817

vdb-entryx_refsource_XF

http://bugzilla.mozilla.org/show_bug.cgi?id=147777

x_refsource_MISC

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 7, 2011
Vulnerability Reserved
Dec 7, 2011