Uellue's Blog

Malicious web sites can gain information about visited sites in Firefox

heise online - Angreifer können Liste besuchter Webseiten auslesen (german)

This actually works - try the online demo! The hack exploits that browsers assign different CSS properties to a link depending on if it's visited or not. This example assigns different colors to visited and unvisited sites via CSS and then reads the color with JavaScript. It's also possible to assign CSS properties to links so that an image is loaded or not depending on whether the link was visited or not. This even works without JavaScript.

Comments

No comments yet.

Add a comment

Please leave these fields blank:

No HTML please.


You can edit this comment until 30 minutes after posting.