Closed Bug 1060125 Opened 10 years ago Closed 10 years ago

:-moz-any might allow timing attacks to determine whether a link is visited

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: bzbarsky, Unassigned)

Details

Boris Zbarsky [:bzbarsky]

Reporter

Description

•

10 years ago

Consider matching this selector:

  -moz-any(:visited, somethingReallySlowToMatch)

against an <a> element.  If the URI is visited, it seems this will match quickly during the visited-style-context phase, but if the URI is not visited, it will match slowly during both phases.  This seems like it would allow a timing attack to determine the visitedness of the link.

Boris Zbarsky [:bzbarsky]

Reporter

Updated

•

10 years ago

Summary: -moz-any might allow timing attacks to determine whether a link is visited → :-moz-any might allow timing attacks to determine whether a link is visited

David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)

Comment 1

•

10 years ago

Really?  It ought to match slowly for constructing the normal context and quickly when constructing the visited context, whether or not the link is visited.

Boris Zbarsky [:bzbarsky]

Reporter

Comment 2

•

10 years ago

Oh, right, we pretend the link is visited when constructing the visited context.

Sorry for the noise, and please go back to enjoying vacation!

Status: NEW → RESOLVED

Closed: 10 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

:-moz-any might allow timing attacks to determine whether a link is visited

Categories

(Core :: CSS Parsing and Computation, defect)

Tracking

()

People

(Reporter: bzbarsky, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2