Simon Willison’s Weblog

Mozilla causing XSS in Livejournal. Their recent worm attack was caused by the -moz-binding CSS property.