Closed Bug 547002 Opened 14 years ago Closed 14 years ago

Browser history can be retraced by any website through the link coloring

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 147777

People

(Reporter: legreg_mozillaorg, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)

It seems that some websites have found way to exploit the coloring of web links : They run javascript that checks whether a link is displayed in one color or another then they can tell that the user has visited the tested website. This sounds like a potential security hole that needs to be filled. Users expect that their browsing history is private rather than exposed to any random website that they visit.

Reproducible: Always

Steps to Reproduce:
1.Visit the provided link
2.it may find websites you've visited in the past if they're in your browser history.

Actual Results:  
Website linked displays websites you have visited earlier.

Expected Results:  
A random website should not have access to this information.

Possible workaround is to prevent the browser to remember history between sessions or to clear it after each visited website but is not practical and some people like to remember their history.
very old news - please search before you file a bug
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
v.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.