Here is the line of code they use to get the source of the said 3rd party page: request.open('GET', 'http://secu'+'nia.com/ie_redir_test_1/?' + Math.random(), true); Here is why this 'bug' does not do what they say it does: The browser does not allow AJAX style connetions to any domain outside of the one you are currently on. To 'get around this' Secunia has connected to a page on thier server which then goes and gets the code. Probaly using a readfile command. Here is why this is NOT a browser bug: The page that they are calling is on thier server which means that it does not have your cookies or your session data. The server page that they are opening can only view the page from the stand point of an not-logged-in user. This isn't a new trick that Secunia just invented, it is used quite often to get data from other websites. But the only way to log into another website in this manner is the have the server side page open a socket into that 3rd party page. This cannot be done, again, because their server does not have your cookie data. This is not a browser bug.