Bugtraq mailing list archives
Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100
From: Derek Johnson <dqj () btinternet com>
Date: 26 Nov 2001 06:54:48 -0000
If a user sets the option "Prompt to allow cookies to be stored on your machine" I have found that this can be bypassed in ME by local Javascript code directly setting a cookie. A request to disable the storing of cookies is honored but not the option to prompt before storing them. Hence it is insecure to set this option with Javascript enabled. It is no known if this is fixed by any combination of patches issued by Microsoft.
Current thread:
- Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100 Derek Johnson (Nov 26)