This bug is from December for crying out loud! All off the other browsers even Safari has it fixed!! I'm actually happy there's a lot of browsers out there now a days. The Less sites only think about using IE the better off we are, but then again IE users keep us geeks in business
original information on it.
http://scarybeastsecurity.blogspot.c...ss-domain.html
page from today:
It works by abusing the standards relating to the loading of CSS style sheets. Approximately, the standards are:
Send cookies on any load of CSS, including cross-domain.
When parsing the returned CSS, ignore any amount of crap leading up to a valid CSS descriptor
The defense calls for browsers to enforce the content-type checking for style sheets that are loaded from other sites. The authors stipulate that strict enforcement of this policy can break a very small number of sites, so a less-strict version also is detailed in the paper.
The defense has been adopted in one for or another by Google Chrome, Mozilla Firefox, Apple Safari and Opera.
Bookmarks