In summary, these are the top 10:
8. Tunneling TCP over HTTP over SQL-injection - Tunnel has always been the way to go. Basically if you can tunnel anything over something, you can get pass the firewall.
5. A different Opera - Yes, its about the browser!
4. Clickjacking / videojacking - This has been presented many many times. Clickjacking is dangerous. But so far, fortunately, nobody does it really good.
3. Safari carpet bomb - Again, browser!
2. Breaking google gears’ cross-origin communication model - Google gears, to use or not is not the question anymore
1. GIFAR - This is an attack on GIF and JAVA.