(MSFT) - Get Report

said Monday that it was developing a software patch "as quickly as possible" after a 21-year-old former employee publicized a potential security flaw in the company's popular Web browser.

In a conference call with privacy advocates and reporters, Bennett Haselton, the former employee and an opponent of Internet censorship who lives in Seattle, said he could use the flaw to read the in boxes of


accounts and order products on

without the account holders' permission or knowledge.

All known versions of Microsoft's Internet Explorer are vulnerable, according to Haselton's Web site,


The flaw involves cookies, which electronic commerce sites routinely deposit on the computers of Web users in order to keep track of their purchases and for other monitoring purposes. Using a specially constructed uniform resource locator, or URL, a Web site can read the cookies from any domain.

A spokeswoman for Microsoft said that the flaw could be exploited only if a user is coerced or enticed to visit a Web site operated by someone who intends to exploit the flaw. The company is developing a software patch that will be available shortly, said the spokeswoman, who works for the company's outside public relations firm and asked that she not be identified because of Microsoft's press policies.

The spokeswoman also said cookies should not contain sensitive data like credit card information or passwords in the first place. Most cookies do not. For example, the way Amazon uses cookies could allow a hacker to order books sent to a person's address using the person's credit card, but the hacker could not obtain the credit card number or have the purchases sent elsewhere.

Jason Catlett, a privacy advocate who operates the Web site

, said the flaw would not allow hackers to gain access to passwords but that it still raised concerns because victims could be impersonated or have the privacy of their email violated.

Haselton, whose discovery was detailed in an article in

The Wall Street Journal

on Monday, said in a telephone interview that he was looking for flaws in Microsoft software in hopes that he could expose them to gain publicity for his anti-censorship Web site.

Haselton said he took a pad of paper along on his Easter break to visit family members a few weeks ago. The purpose of the pad, he said, was to write down potential hacks to try when he returned home to Seattle.

"I did this for the publicity," Haselton said. "I hope the people on my old working group saw it in

The Wall Street Journal


Haselton said he worked at Microsoft from May 1999 until January and had hoped to become a software engineer tasked to ferret out bugs for the company. He said that he was not allowed to take training courses and was instead dismissed from the company.

"They said I was too dumb for it," Haselton said.

The spokeswoman for Microsoft confirmed that Haselton had worked for the company.

As originally published, this story contained an error. Please see

Corrections and Clarifications.