Closed Bug 484937 Opened 15 years ago Closed 15 years ago

Link history exploiting

Tracking

()

Status:

RESOLVED DUPLICATE of bug 147777

People

(Reporter: florin.mogos, Unassigned)

References

(
URL
)

Details

Florin Mogos

Reporter

Description

•

15 years ago

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)

This is a privacy bug. Any website can collect information about user's history and his visited websites by inserting hidden links in the page then check the visited status of the link.



Reproducible: Always

Steps to Reproduce:
1. Add a link to another website in the page
2. Enter the page and check the visited status with javascript, if the visited is true then the user visited that website


Expected Results:  
I think the visited status should be accessible just for the current website links. The user should be able to disable the visited state of a link.

Johnathan Nightingale [:johnath]

Updated

•

15 years ago

Status: UNCONFIRMED → RESOLVED

Closed: 15 years ago

Resolution: --- → DUPLICATE

Johnathan Nightingale [:johnath]

Updated

•

15 years ago

Group: core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Link history exploiting

Categories

(Firefox :: Security, defect)

Tracking

()

People

(Reporter: florin.mogos, Unassigned)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated