Closed Bug 224954 Opened 21 years ago Closed 21 years ago

CSS allows to check history via :visited

Categories

(Core :: Security, defect)

defect
Not set
major

Tracking

()

VERIFIED DUPLICATE of bug 147777

People

(Reporter: zbraniecki, Assigned: security-bugs)

Details

Attachments

(1 file)

There is a hole in Mozilla's CSS :visited anchor support allowing any potential
script to check if user visited some pages and of course siletly send those
informations anywhere.

How does it work? Script has to create anchor and check if it's color is the
same as a:visited one. If so - page was visited. 
OF course it doesn't give access to whole history, but it's still very, very big
hole.

For example I can check if visitor visited my sponsor site and if not, i wont
allow him to visit my site.

Steps to reproduce:
1) Open Attachment

Actual result:
Script can tell me what pages i visited


Expected result:
Script shouldn't have access to personal data like history. Meaby links should
be colorized, but color value should stay?
Attached file testcase

*** This bug has been marked as a duplicate of 147777 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Here's a site which demonstrates this security risk:
http://gemal.dk/browserspy/css.html
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: