Bug#579191: CSS visited elements allow for disclosure of users browser history

Josselin Mouette joss at debian.org
Mon Apr 26 07:17:26 UTC 2010


Le lundi 26 avril 2010 à 07:13 +0100, markhobley at yahoo.co.uk a écrit :
> There is a "Disclosure of user information" security flaw in the epiphany 
> browser due to the implementation of support for CSS :visited pseudoclass 
> elements. It is possible to specify a background-url attribute which will make
> a request to the server if a particular link has been visited. Using this CSS
> mechanism, it is possible for a hosting server to determine visited links
> without using Javascript. 

Could you talk about this with upstream? This is not something we should
fix only at the Debian level.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “A handshake with whitnesses is the same
  `-     as a signed contact.”  -- Jörg Schilling







More information about the pkg-gnome-maintainers mailing list