Closed Bug 224954 Opened 22 years ago Closed 22 years ago

CSS allows to check history via :visited

Categories

(Core :: Security, defect)

defect
Not set
major


VERIFIED DUPLICATE of bug 147777

People

(Reporter: zbraniecki, Assigned: security-bugs)

Details

Attachments

(1 file)

There is a hole in Mozilla's CSS :visited anchor support allowing any potential script to check if the user visited some pages and, of course, silently send that information anywhere.

How does it work? The script has to create an anchor and check if its color is the same as the a:visited one. If so, the page was visited. Of course it doesn't give access to the whole history, but it's still a very, very big hole. For example, I can check if a visitor visited my sponsor site and, if not, I won't allow him to visit my site.

Steps to reproduce:
1) Open Attachment

Actual result: Script can tell me what pages I visited

Expected result: Script shouldn't have access to personal data like history. Maybe links should be colorized, but the color value should stay?
Attached file testcase
*** This bug has been marked as a duplicate of 147777 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Here's a site which demonstrates this security risk: http://gemal.dk/browserspy/css.html
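
The reporter's closing suggestion (colour the link, but keep the value scripts read unchanged) can be sketched as a simplified model with a check that script-visible style is independent of history. This is an added example, not the bug's testcase or Mozilla code; the stylesheet, URLs and function names are constructed for illustration and no real browser API is called.

```javascript
// Simplified model, constructed for illustration; it calls no real browser API.
// Stylesheet for anchors: later matching rules win, as in the CSS cascade.
const sheet = [
  { pseudo: "link", color: "rgb(0, 0, 238)" },
  { pseudo: "visited", color: "rgb(85, 26, 139)" },
];

// Constructed sample history for the model.
const visitedUrls = new Set(["https://sponsor.example/"]);

// Resolve an anchor's colour, given whether it is treated as visited.
// :link matches only unvisited anchors, :visited only visited ones.
function cascade(treatAsVisited) {
  let color = null;
  for (const rule of sheet) {
    const matches = rule.pseudo === "visited" ? treatAsVisited : !treatAsVisited;
    if (matches) color = rule.color;
  }
  return color;
}

// Colour used for painting: depends on history, seen only by the user.
function paintedColor(href) {
  return cascade(visitedUrls.has(href));
}

// Behaviour reported in this bug: scripts read the painted colour.
function scriptColorReported(href) {
  return paintedColor(href);
}

// Reporter's suggestion: keep painting as before, but answer script
// queries as if every link were unvisited.
function scriptColorSuggested(href) {
  return cascade(false);
}

// Regression check: URLs whose script-visible colour reveals history state.
// An empty result means script-visible style is independent of history.
function historyLeaks(scriptColor, hrefs) {
  const baseline = cascade(false);
  return hrefs.filter((href) => scriptColor(href) !== baseline);
}
```
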