First CSS3 security bug found, patched?
The latest security update of Firefox, 2.0.0.2, provides a fix for a possible spoofing attack using the CSS3 cursor property.
As far as I’m aware, this is the first known security hole which uses CSS3 properties; perhaps someone can correct me if I’m wrong.











There’s the old :visited hole but that’s not CSS3 specific, just CSS. Also, it’s more of a privacy than a security issue.
[...] First CSS3 security bug found, patched? [...]