Plugging CSS History Leaks in Firefox

Apr 14, 2010

Yesterday's nightly Firefox build fixed bug 147777, in which the :visited CSS property allows web sites to detect which sites you have visited (essentially a privacy hole). Sid Stamm wrote a very interesting article on the problem, along with how the Firefox team decided to fix the issue. I recall being amazed at the simplicity of this privacy attack: no JavaScript was needed for a site to figure out where you had been. Several history sniffing websites are available if you're interested in seeing the hole in action.

No comments (yet!)

Leave a Comment

Ignore this field:
Never displayed
Leave this blank:
Optional; will not be indexed
Ignore this field:
Both Markdown and a limited set of HTML tags are supported
Leave this empty: