Comment Re:Yes, there is a simple fix (Score 1) 167
How is even a malicious JavaScript code on one web page going to see the content of a page that I have manually opened up in an entirely separate window?
It can't, but it can load that same page's URL in an iframe, and it will contain the same confidential information. Browsers try to prevent pages from reading the contents of cross-domain iframes, which is extremely difficult to do in a completely airtight manner. A much better solution would be not sending cookies on cross-domain requests and thus making it impossible for one site to load the secrets a different site is storing for you, but so far everybody is focused on treating the symptoms and not the disease.
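The reply's point about cookies on cross-domain requests, as an added example that is not part of the original comment: a simplified model of how a browser's `SameSite` cookie attribute decides which cookies accompany a cross-site iframe load. The hosts `bank.example` and `other.example`, the cookie names, and the helpers `siteOf` and `cookiesSent` are constructed for illustration, and the site comparison is a simplification of what real browsers do.

```javascript
// Simplified model (assumption, not browser source) of which cookies are
// attached to a request, based on each cookie's SameSite attribute.

// Simplification: "site" = scheme + last two host labels. Real browsers use
// the Public Suffix List to find the registrable domain.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

// request: { url, initiatorUrl, isTopLevelNavigation, method }
//   initiatorUrl: page that caused the request (for an iframe, the embedder).
function cookiesSent(jar, request) {
  const target = siteOf(request.url);
  const sameSite = siteOf(request.initiatorUrl) === target;
  const safeTopNav = request.isTopLevelNavigation &&
    ['GET', 'HEAD'].includes(request.method);
  return jar
    .filter(c => siteOf(c.origin) === target)       // cookie belongs to target
    .filter(c => {
      if (sameSite) return true;                    // first-party: all sent
      if (c.sameSite === 'None') return c.secure;   // None requires Secure
      if (c.sameSite === 'Lax') return safeTopNav;  // only safe top-level nav
      return false;                                 // Strict: never cross-site
    })
    .map(c => c.name);
}

// Constructed cookie jar for one site, one cookie per SameSite mode.
const jar = ['None', 'Lax', 'Strict'].map(mode => ({
  name: 'session_' + mode.toLowerCase(),
  origin: 'https://bank.example', sameSite: mode, secure: true,
}));

const target = 'https://bank.example/account';
// Another site embeds the page in an iframe (the case the reply describes).
const iframeLoad = { url: target, initiatorUrl: 'https://other.example/page',
  isTopLevelNavigation: false, method: 'GET' };
// The user clicks a link on another site (top-level navigation).
const linkClick = { ...iframeLoad, isTopLevelNavigation: true };
// The site's own page loads the URL.
const ownPage = { ...iframeLoad, initiatorUrl: 'https://www.bank.example/' };

console.log('cross-site iframe:', cookiesSent(jar, iframeLoad));
console.log('cross-site link:  ', cookiesSent(jar, linkClick));
console.log('same-site load:   ', cookiesSent(jar, ownPage));
```

Only the `SameSite=None` cookie travels with the cross-site iframe load, so a session cookie marked `Lax` or `Strict` leaves the framed page without the user's logged-in state.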