It's not a security hole as much as a clever abuse of a legitimate CSS feature - and Opera, for one, still allows it by default.
---------- Post Merged at 12:43 ---------- Previous Post was at 12:42 ----------
Barring exceptional exploits, cookies can only be seen by the (sub)domains they're supposed to be sent to.
Read this for more information.
Bookmarks