Plugging CSS History Leaks in Firefox

Published on April 14, 2010

Yesterday's nightly Firefox build fixed bug 147777, in which the :visited CSS property allows web sites to detect which sites you have visited (essentially a privacy hole). Sid Stamm wrote a very interesting article on the problem, along with how the Firefox team decided to fix the issue. I recall being amazed at the simplicity of this privacy attack: no JavaScript was needed for a site to figure out where you had been. Several history sniffing websites are available if you're interested in seeing the hole in action.

Comments are closed.

Copyright © 2004-2020 Jonah Bishop. Hosted by DreamHost.