A cookie has just been set in your browser called 'iebug'.

To see how HTML downloads should be handled, download and open the below link in Firefox. Click "Open With" Firefox and then "Open". You should see a pop-up with nothing in it. The script can't see any cookies from awgh.org.

To see the IE Bug in action, download and open the below link with IE. This has been tested and verified as still broken in the latest patch level of IE7 (as of 12/22/08). Click "Open" and you will see a popup with the stolen cookie!

Here is the link!

To make this file a "download", I added the following to the .htaccess file:

<FilesMatch "awgh-download.html">
ForceType application/octet-stream
Header set Content-Disposition attachment

Screencast of this bug in action:

Footnote: Some IE security settings affect how this works. I haven't tested all variants yet, but it works 100% of the time if the target site is in the Trusted Sites zone. This isn't much of a safeguard, since the file will appear to be coming from a site that the user does trust.