Security researcher Rosario Valotta recently demonstrated the 'cookiejacking' technique, and has details of the attack . The 'cookiejacking' threat, and underlying zero-day flaw affect all versions of Internet Explorer running on any version of Windows, so the pool of potential victims is significant.

What Is a Cookie?A cookie is a small text file used by a to store information like site preferences, or user account credentials for site authentication.

What Is 'Cookiejacking'?The technique exploits a flaw that bypasses the Security Zone protection in Internet Explorer to enable the attacker to capture the contents of cookies that should not be exposed.

What Is at Risk?Most text files contain text that would of little value. But, if you are logged in to a site like Facebook, Twitter, or Gmail, cookies are used to store user account information needed to authenticate so you don't have to log in repeatedly. If an attacker can hijack these cookies, they could impersonate you or access sensitive data within the affected site or service.

Is It a Serious Threat?The attack is not trivial to pull off. The actual 'cookiejacking' is just one piece of a larger puzzle that requires different attack techniques, and duping the user into becoming a willing participant.