Closed
Bug 484937
Opened 15 years ago
Closed 15 years ago
Link history exploiting
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 147777
People
(Reporter: florin.mogos, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729) This is a privacy bug. Any website can collect information about user's history and his visited websites by inserting hidden links in the page then check the visited status of the link. Reproducible: Always Steps to Reproduce: 1. Add a link to another website in the page 2. Enter the page and check the visited status with javascript, if the visited is true then the user visited that website Expected Results: I think the visited status should be accessible just for the current website links. The user should be able to disable the visited state of a link.
Updated•15 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•