I recently read an interesting method to steal cookies leveraging an IE 0 day bug where it allows cross domain access to local cookie files, and then extracting the content through the use of HTML 5 drag & drop.
The article can be viewed here: http://sites.google.com/site/tentacoloviola/cookiejacking
