Normally, browsers impose strong restrictions for cross-domain interaction through the Web browser. A certain Web page can make a user browse to a different domain. However, it may not read the content of the retrieved page.... In IE these restrictions ... are broken when it comes to CSS [cascading style sheet] imports. I call this attack CSSXSS or Cascading Style Sheets Cross Site Scripting.

Matan Gillon

Browser Certain Cross Domain Impose Interaction Normally Page Restrictions Strong Web

Related Quotes

Much like classic XSS [cross site scripting] holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains.

— Matan Gillon

Thousands of Web sites can be exploited, and there isn't a simple solution against this attack at least until IE is fixed.

— Matan Gillon

Anyone who slaps a 'this page is best viewed with Browser X' label on a Web page appears to be yearning for the bad old days, before the Web, when you had very little chance of reading a document written on another computer, another word processor, or another network.

— Tim Berners-Lee

AppearsBestBrowser

If you can use a Web browser, you can use Skype.

— Niklas Zennstrom

BrowserSkypeUse

I think HTML is not case sensitive, its SPACE sensitive

— Moonisa Ahsan

BrowserComputerHtml