Security researchers claim to have found serious flaws in Microsoft's Internet Explorer (IE) web browser.
Mike Benham, an independent security researcher based in San Francisco, has reported the weaknesses to security industry mailing list Bugtraq. He said that IE fails to check the validity of digital certificates used to prove the identity of websites, allowing for an "undetected, man-in-the-middle attack".
The problem has apparently existed for five years. It enables an attacker to intercept personal data when a user is making a purchase or providing information for ecommerce purposes.
Digital certificates are typically issued by trusted certificate authorities - such as VeriSign - and are used by websites in conjunction with the Secure Sockets Layer (SSL) protocol for encryption and authentication.
Bruce Schneier, a cryptography expert and co-founder and chief technology officer at Counterpane Internet Security, a California-based network monitoring firm, said that this was one of the worst cryptographic vulnerabilities he had seen in a long time.
He said the flaw meant that all the cryptographic protections of SSL would not work for a Microsoft IE user.
Microsoft said that it is investigating the flaw, but pointed out that an attacker would have to create a fake website and redirect people from a legitimate website to the fake one to exploit the vulnerability.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago