Peacefire have issued an advisory about a serious new exploit to read any cookie in Internet Explorer.

The bug allows a malicious Javascript to retrieve the content of any cookie stored by IE. Peacefire have several examples, including a scenario in which a website can obtain the user's cookie for Amazon, and somebody could then use this cookie to log in to Amazon as that user.

Peacefire's advice to disable this bug is for anybody using Internet Explorer to immediately disable Javascript. For extra security, turning the acceptance of cookies off is also recommended.

As yet, Microsoft have yet to issue an advisory about this bug, although even if they do, it can be expected that it will take some time for them to issue a fix.

As with most IE bugs, this only affects Internet Explorer running on a Windows platform. Mac and Unix platforms are unaffected, as are Netscape browsers.