The flaw, which a researcher said may have been known since 2008, lies in the way that IE 8 handles CSS style sheets. The vulnerability can be exploited through an attack scenario known as cross-domain theft. The attack works on the latest, fully patched release of IE8, Microsoft s flagship browser. Microsoft has not yet implemented a fix for the vulnerability, and researcher Chris Evans said he decided to post it as a way to encourage Microsoft to fix the problem. Microsot Security Response Center officials said they are aware of the issue and are investigating.
Source: https://threatpost.com/nasty-data-stealing-bug-haunts-internet-explorer-8-090410/74430/