JavaScript Implementation Flaw in Microsoft Internet Explorer 8.0 and Earlier
CVE-2010-5071

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Ie
Vendor: CVE Published:; 7 December 2011

Summary

A flaw in the JavaScript implementation of Microsoft Internet Explorer 8.0 and earlier allows for improper restrictions on the values returned by the getComputedStyle method. This inadequacy enables remote attackers to exploit the vulnerability and gain access to sensitive information about previously visited web pages. By leveraging this flaw, attackers can craft requests that reveal unintended data, posing a significant risk to user privacy and data security.

References

http://w2spconf.com/2010/papers/p26.pdf

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 7, 2011