Scooby dooby spoof
Some vulnerabilities could enable a web page to display the URL from a different web site in the IE address bar. This spoofing could occur within a valid SSL session with the impersonated site. Both vulnerabilities could be used to convince a user that the attacker's web site was actually a different one - one that the user presumably trusts and would provide sensitive information to. However, as discussed in the Mitigating Factors section below, there would be significant hurdles to exploiting either vulnerability.
Variants of the "Frame Domain Verification" vulnerability could enable a malicious web site operator to open two browser windows, one in the web site's domain and the other on the user's local file system, and to pass information from the latter to the former.
This could enable the web site operator to read any file on the user's local computer that could be opened in a browser window.

