“Normally, browsers impose strong restrictions for cross-domain interaction through the Web browser. A certain Web page can make a user browse to a different domain. However, it may not read the content of the retrieved page.... In IE these restrictions ... are broken when it comes to CSS [cascading style sheet] imports. I call this attack CSSXSS or Cascading Style Sheets Cross Site Scripting.”
“Much like classic XSS [cross site scripting] holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains.”
