I don't think so. Can't reproduce this in IE9. Do you have any proof for your statement?
Forum: XSS Info

I can't really agree with you there. Dynamic properties (like "expression") are only working if the X-UA-Compatible header is set to an obsolete version of the IE or a wrong document type is used. Dynamic properties are turned off by default since version 8. I recently wrote an article about that issue: http://impuls23.edublogs.org/2012/06/06/css-expressions-do-work-again-in-ie9/
Forum: XSS Info

You can set a target frame in a form element. Create an invisible iframe and use it as target.
Forum: CSRF and Session Info

Short question, short answer: no. There are still a lot of techniques to bypass Barracuda filtering. Use Snort.
Forum: Vendor Talk

Hello, are there still possibilities to execute JavaScript via stylesheets? The common methods like expression or moz-binding are not working in modern web browsers. It seems that Mozilla completely removed the -moz-binding functionality. Regards
Forum: XSS Info

Hi, I'd like to work on new possibilities to bypass the same origin policy of Javascript. There has been a bug in safari before and it seemed to be pretty simple doing it this way. I'm sure there are working possibilities to break out of the SOP. My vendors: Mozilla Firefox Microsoft IE 8 Google Chrome Safari doesn't make much sense for me because I'm not a Mac user. If anyone li
Forum: CSRF and Session Info