Closed Bug 287481 Opened 20 years ago Closed 20 years ago

reading attributes or CSS-styled links allows sniffing global browser history

Categories

(Core :: Security, defect)

defect
Not set
minor

VERIFIED DUPLICATE of bug 147777

People

(Reporter: seppi, Assigned: dveditz)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows 98; en-EN; rv:1.7.6) Gecko
Build Identifier:

One can apply different styles to links depending on whether they were visited or not, using pseudo-class :visited. By reading back which style was applied using JavaScript we can find out whether a site was visited (according to the global history, which remains among sessions) or not. CSS specification recommends that whenever :visited or other possibly privacy-related attributes are applied, a tainting mechanism should invalidate access to reading the style attributes using ECMA/Java-Script to avoid letting a website read the browser history.

Reproducible: Always

Steps to Reproduce:
1. visit the site above
2. scroll to the paragraph with "CSS Exploit" in its title
3. visit one of the sites or maybe you already visited one
4. look at the column "Besucht?"

Actual Results: Visited sites will give a "JA, die Seite wurde vor Kurzem besucht!", non-visited site will give a "Nein (oder nicht erkennbar)!".

Expected Results: Every site should give a "Nein (oder nicht erkennbar)!".

Workaround: clear your browser history as often as possible (not so good).
*** This bug has been marked as a duplicate of 147777 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
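
Added example, not part of the original report and not Gecko code: a toy model of the read-back problem described in the report, next to one way to make script-visible style independent of history, with a non-interference check over both. The stylesheet, URL and all function names are constructed for illustration, and resolving script-visible values as if the link were unvisited is an assumption about how the tainting could be done.

```javascript
// Toy model (added example, not browser code); every name here is hypothetical.
const RULES = [ // constructed author stylesheet
  { selector: "a",         decl: { color: "rgb(0, 0, 238)", "font-weight": "400" } },
  { selector: "a:visited", decl: { color: "rgb(85, 26, 139)", "font-weight": "700" } },
];

// Cascade for one link: the a:visited rule applies only when `visited` is true.
function cascade(visited) {
  const style = {};
  for (const rule of RULES) {
    if (rule.selector === "a" || (rule.selector === "a:visited" && visited)) {
      Object.assign(style, rule.decl);
    }
  }
  return style;
}

// What the renderer paints: this legitimately depends on the global history.
const paint = (href, history) => cascade(history.has(href));

// Read-back as described in the report: script receives the painted values.
const readBackLeaky = (href, history) => paint(href, history);

// Read-back with the mitigation (assumed design): script-visible values are
// always resolved as if the link were unvisited, for every property.
const readBackHardened = (_href, _history) => cascade(false);

// Non-interference check: the script-visible result must be identical for
// two histories that differ only in whether `href` was visited.
function dependsOnHistory(readBack, href) {
  const unvisited = JSON.stringify(readBack(href, new Set()));
  const visited = JSON.stringify(readBack(href, new Set([href])));
  return unvisited !== visited;
}

const HREF = "https://site.example/"; // constructed URL
console.log("leaky read-back depends on history:   ", dependsOnHistory(readBackLeaky, HREF));
console.log("hardened read-back depends on history:", dependsOnHistory(readBackHardened, HREF));
```

The painted style still differs for visited links in both variants; only what script can read back changes.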