Microsoft’s Internet Explorer browser is still vulnerable to a data leakage flaw that could have serious security implications.

Despite the vulnerability being reported to Microsoft back in December 2008 the exploit remains unfixed despite numerous articles and reports that have made the company aware of the problem.

Chris Evans, A Google security researcher said this minor flaw can have major consequences:

The bug is pretty simple: IE supports a window.onerror callback which fires whenever a Javascript parse or runtime error occurs. Trouble is, it fires even if www.evil-website.com registers its own window.onerror handler and then uses < script src=”http://www.onlinebanking.com/”>

As can be seen from Microsofts statement below they don’t seem to be too bothered about their users security:

“Microsoft is aware of the public posting of a low severity information disclosure issue in Internet Explorer. A successful attack requires a victim website to be configured in a specific way which is non-standard for most sites. We are not aware of any attacks seeking to exploit this issue and will update customers if that changes.”