Much like classic XSS [cross site scripting] holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains.

Normally, browsers impose strong restrictions for cross-domain interaction through the Web browser. A certain Web page can make a user browse to a different domain. However, it may not read the content of the retrieved page.... In IE these restrictions ... are broken when it comes to CSS [cascading style sheet] imports. I call this attack CSSXSS or Cascading Style Sheets Cross Site Scripting.

Thousands of Web sites can be exploited, and there isn't a simple solution against this attack at least until IE is fixed.

Aphorism - a grain of wisdom in the shell of words.

Death is the station, where we have to change to the next train. The appearance of the vehicle is changed, but our journey continues.

Clear sky is bigger than the largest rain clouds.