Security holes in Internet Explorer 8

Google security researcher Chris Evans has discovered security vulnerability in Internet Explorer 8.The vulnerability takes advantage of CSS (Cascading Style Sheets) standards, a computer language used to describe the presentation of contents and documents on the Internet, to steal browser data. 

According to those standards, cookies are sent from the browser when CSS is called, even if it is a cross-domain call. Combining this with a CSS injection attack (injection of arbitrary css into another user's web pages) using “background-image:url()” property, the browser's cookies will be sent to the given URL (eng. Uniform Resource Locator). Attack is successful even when Javascript is disabled, and there is also an example of attack performance. This CSS vulnerability is not exclusive to Internet Explorer, the other four major browsers are also affected (FireFox, Safari, Opera, and Chrome). But the vendors of those browsers have issued patches for holes that created the problem. Original news can be found at SecurityProNews web site.