Mozilla Plugs The CSS History Leak

All web browsers currently have a CSS history privacy leak that enables attackers to brute-force a list of sites that the user has visited on the Internet. The leak makes use of a CSS feature that colors visited and unvisited links differently. All the attacker needs to do is display a huge list of possible sites in the user’s web browser and check each link’s color to see whether it has been visited.

The scripts are currently able to test more than 200K URLs per minute, which should be enough to create a solid profile of nearly any web user.

Some factors mitigate the problem, such as clearing the history regularly.

The Mozilla developers have now come up with a solution for the problem that applies three changes to the way links are styled in the web browser.

The Mozilla blog [1] has a fairly long article up with technical details, as does David Baron [2], whose solution was picked to plug the CSS history leak in the web browser.

It is not yet clear when this will make its way into the Firefox [3] web browser, but it is likely that it will be implemented soon.

Users who do not want to wait can protect their computers from the leak by setting the layout.css.visited_links_enabled option in about:config to false. The consequence, however, is that no visited-link styling is displayed whatsoever in the web browser.

Users of all web browsers who want to test what a script could find out about their surfing habits can visit the Start Panic [4] website.


