Closed
Bug 127041
Opened 22 years ago
Closed 22 years ago
possible to check if a site has been visited
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
People
(Reporter: bugzilla, Assigned: security-bugs)
References
()
Details
I'm not sure if this is a bug a bug or not, but I found this on bugtraq. 1) Clear Mozilla browser history 2) visit http://gemal.dk/browserspy/css-moz.html 3) visit http://mozilla.org 4) visit http://gemal.dk/browserspy/css-moz.html the page can tell if you visited http://mozilla.org done via style sheet and visited
Reporter | ||
Comment 1•22 years ago
|
||
the URL is now: http://gemal.dk/browserspy/css.html
Comment 2•22 years ago
|
||
div class="normal"> <a id="j" href="http://mozilla.org/"> </a> <style> #j { position: absolute; top: 0; } #j:visited { top: 100px; color: #660001; } </style> <script> var j=document.getElementById('j'); var v=0; if (j && 'offsetTop' in j) if (j.offsetTop == 100) v=1; if (j && 'currentStyle' in j && 'color' in j.currentStyle) if (j.currentStyle.color == '#660001') v=1; if (v) document.writeln('You have been visiting mozilla.org lately! That very good! Now clear your browsers history and reload!'); else document.writeln('You haven\'t been visiting mozilla.org lately. Go ahead <a href="http://mozilla.org/">mozilla.org</a> and then come back...'); </script>
Assignee | ||
Comment 3•22 years ago
|
||
Essentially the same issue as 57351, which is still assigned to me but I may WONTFIX it. I just can't think of a way to solve it without getting rid of the "visited" rule in CSS. Henrik, can you give us a link to the Bugtraq post? In any case, the information leakage involved here is pretty limited. *please* give me your thoughts on the severity of this problem. *** This bug has been marked as a duplicate of 57351 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•