Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Internet_explorer | Microsoft | 8 | 8 |
Internet_explorer | Microsoft | 7 | 7 |