On Sun, 11 Feb 2007, Michal Zalewski wrote: > This was tested with 2.0.0.1. Opera is most likely not vulnerable; > Microsoft Internet Explorer is not vulnerable as-is, but might be > vulnerable to a variant of the attack.
And indeed - here's a MSIE 7.0 demo: http://lcamtuf.coredump.cx/focusbug/ieversion.html Somewhat less pretty and straightforward, but equally sad. /mz
