Mozilla Plugs The CSS History Leak

31 Mar/10

All web browsers currently have a CSS history privacy leak that lets attackers brute-force a list of sites the user has visited on the Internet. The leak relies on the CSS feature that colors visited and unvisited links differently. All the attacker needs to do is display a huge list of candidate sites in the user’s web browser and check each link's color to see whether it has been visited.

The scripts are currently able to test more than 200K URLs per minute, which should be enough to create a solid profile of nearly any web user.

Some factors mitigate the problem, such as clearing the history regularly.

The Mozilla developers have now come up with a solution for the problem that applies three changes to the way links are styled in the web browser.

The Mozilla blog has a fairly long article with technical details, as does David Baron, whose solution was picked to plug the CSS history leak in the web browser.

It is not yet clear when this will make its way into the Firefox web browser but it is likely that it will be implemented soon.
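For site authors who want to see which of their visited-link styles the change would affect, here is an added example (not from the original article or from Mozilla) that audits stylesheet text for `:visited` rules setting anything other than color properties. The allow-list is an assumption based on Mozilla's published description of the fix and does not appear in this article; the sample stylesheet is constructed.

```javascript
// Added example: flag :visited declarations that a browser with restricted
// visited-link styling would ignore.
// Assumption: allow-list follows Mozilla's published description of the fix
// (color-only properties); it is not stated in the article itself.
const VISITED_ALLOWED = new Set([
  'color', 'background-color', 'outline-color', 'column-rule-color',
  'border-color', 'border-top-color', 'border-right-color',
  'border-bottom-color', 'border-left-color', 'fill', 'stroke',
]);

// Heuristic scan (not a full CSS parser): looks at innermost rule blocks only.
function auditVisitedRules(cssText) {
  const findings = [];
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, ''); // strip comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;               // selector { declarations }
  let m;
  while ((m = ruleRe.exec(css)) !== null) {
    const selector = m[1].trim();
    if (!/:visited\b/i.test(selector)) continue;        // only visited-link rules
    for (const decl of m[2].split(';')) {
      const idx = decl.indexOf(':');
      if (idx === -1) continue;                         // not a declaration
      const prop = decl.slice(0, idx).trim().toLowerCase();
      if (prop && !VISITED_ALLOWED.has(prop)) {
        findings.push({ selector, property: prop });
      }
    }
  }
  return findings;
}

// Constructed sample stylesheet for illustration.
const SAMPLE_CSS = `
/* constructed sample stylesheet */
a:link    { color: #00e; }
a:visited { color: #551a8b; background-image: url(/img/check.png); }
.nav a:visited { font-weight: bold; border-bottom-color: gray; }
@media print { a:visited { text-decoration: none; } }
`;

for (const f of auditVisitedRules(SAMPLE_CSS)) {
  console.log(`${f.selector}: "${f.property}" will not apply to visited links`);
}
```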

Users who do not want to wait can protect their computers from the leak by setting the layout.css.visited_links_enabled option in about:config to false, which however has the consequence that no visited styling is displayed whatsoever in the web browser.

Users of all web browsers who want to test what a script could find out about their surfing habits can visit the Start Panic website.

Continue reading – Original Link: Mozilla Plugs The CSS History Leak


Posted by Spina Rosario
