I wonder why nobody fixed this, even though they were notified several months ago. I'm not sure I understoo the issue correctly, but if I block all cookies by default and only allow certain cookies to be stored (such as this website), I'm safe form this vulnerability?