Normally, browsers impose strong restrictions for cross-domain interaction through the Web browser. A certain Web page can make a user browse to a different domain. However, it may not read the content of the retrieved page.... In IE these restrictions ... are broken when it comes to CSS [cascading style sheet] imports. I call this attack CSSXSS or Cascading Style Sheets Cross Site Scripting. -Matan Gillon

 







This quote is just one of 3 total Matan Gillon quotes in our collection. Matan Gillon is also known for the following quotes.

Thousands of Web sites can be exploited, and there isn't a simple solution against this attack at least until IE is fixed.

Matan Gillon

Much like classic XSS [cross site scripting] holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains.

Matan Gillon