Security researchers recently discovered a serious XSS 0day vulnerability that affects the latest version of the IE browser, exposing users to attack and the risk of identity theft.
Vulnerability information
The vulnerability affects a fully patched IE browser. Hackers can exploit it to steal sensitive user data such as logon credentials and to inject malicious content into browser sessions.
An attacker exploiting the XSS vulnerability may bypass the same-origin policy (SOP). The same-origin policy is a basic security model for web applications that protects the user's browsing experience.
Wikipedia explains the same-origin policy as follows:
“The policy allows scripts on pages from the same site (a combination of scheme, host name, and port number) to access each other's DOM with no specific restrictions, but blocks access to the DOM on different sites.”
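The origin comparison that the same-origin policy relies on, shown as an added example that is not part of the original article. The URLs are constructed sample values and the function names are hypothetical.

```javascript
// Added example: compare two URLs the way the same-origin policy does,
// by (scheme, host name, port). Uses the standard WHATWG URL parser.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Returns the origin tuple, or null for an opaque origin (data:, file:, ...).
function originTuple(url) {
  const u = new URL(url);
  if (u.origin === "null") return null;
  return {
    scheme: u.protocol,
    host: u.hostname, // already lower-cased by the parser
    // The parser drops default ports, so restore the effective one.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Lists the tuple components that differ; an empty list means same-origin.
// An opaque origin never matches anything, including itself.
function originDiff(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return ["opaque"];
  return ["scheme", "host", "port"].filter((k) => x[k] !== y[k]);
}

function sameOrigin(a, b) {
  return originDiff(a, b).length === 0;
}

// Constructed sample URLs, compared against one page.
const page = "http://shop.example/cart";
const samples = [
  "http://shop.example:80/account",   // explicit default port
  "https://shop.example/account",     // different scheme (and port)
  "http://pay.shop.example/account",  // different host name
  "http://shop.example:8080/account", // different port
  "data:text/html,<p>hi</p>",         // opaque origin
];
for (const s of samples) {
  const d = originDiff(page, s);
  console.log(s, d.length ? `cross-origin (${d.join(", ")})` : "same-origin");
}
```

A script on `page` may read the DOM of only the first sample; a same-origin policy bypass removes that restriction for the other four.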
Vulnerability POC