Monday, 15 February 2016

Stealing Secrets with CSS : Cross Origin CSS Attacks


In this post I'm going to discuss a web attack that was designated CVE-2015-5826 and CVE-2015-1287 which abuses the way CSS parsing works in some browsers and expands the way we think about HTML injection attacks.