Failings of the Same-Origin Policy

This definitely has not gotten enough attention.

There is a class of attacks on browsers, originally described here in 2006 by a team from Stanford, that lets a web page identify which other sites a user has visited, through either the browser cache or CSS :visited styling. The white paper can be read here, but in short:

<style type="text/css">
a#14032:visited { background: url(checklink.php?q=14032); }
</style>
<a id="14032" href="http://www.facebook.com">.</a>

More recently it has been discussed by Niall Kennedy and Brendon Boshell, and it is starting to get some attention because of the two demos Brendon posted: the first, which requires JavaScript, and the second, which works without it.

This is a huge issue that needs to be addressed immediately by revisions to the same-origin policy across all major browsers. The white paper proposes a fix that has not yet been built into the core of any browser, but the Stanford team has implemented it in two Firefox extensions, SafeHistory and SafeCache. These extensions are not kept up to date, which is exactly why the fix needs to live in the browsers themselves.

Pairing this attack with other web security issues (CSRF anyone?) makes this an incredibly important hole to close. Microsoft, Apple, Mozilla, Google, Opera: make haste!