threadpost posted details on the IE 8 Data-Stealing Bug
The bug, which has been known for a couple of years now, involves the way that IE 8 handles CSS and Evans said that the proof-of-concept that he developed to force victims to post a message on Twitter is just one example of how it could be exploited. Evans said in a blog post that the vulnerability has been known publicly for nearly two years. The same bug has been fixed for some time in Firefox, Google Chrome, Opera and Apple Safari.Details Emerge on IE 8 Data-Stealing Bug