Bug#579191: CSS visited elements allow for disclosure of users browser history

markhobley at yahoo.co.uk markhobley at yahoo.co.uk
Mon Apr 26 06:13:49 UTC 2010


Package: epiphany-browser
Version: 2.30.2-1
Severity: normal

There is a "Disclosure of user information" security flaw in the epiphany
browser due to the implementation of support for CSS :visited pseudo-class
elements. It is possible to specify a background-url attribute which will make
a request to the server if a particular link has been visited. Using this CSS
mechanism, it is possible for a hosting server to determine visited links
without using JavaScript.
 
For example: 
 
<style>
  a#link1:visited { background-image: url(/log?link1_was_visited); }
  a#link2:visited { background-image: url(/log?link2_was_visited); }
</style>
<a href="http://google.com" id="link1">link1</a>
<a href="http://yahoo.com" id="link2">link2</a>
 
If link1 (http://google.com) has been visited, the browser will make a request 
back to the server to retrieve the background for the #link1 rule. By 
appending a different URL argument to each rule we can determine which of the 
links were visited. Please note that this requires no client-side scripting 
whatsoever, and only relies on the availability of CSS. 
 
The following website demonstrates a working exploit of this vulnerability: 
http://www.whattheinternetknowsaboutyou.com/ 
 
Mark.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (60, 'testing'), (50, 'unstable')
Architecture: i386 (i386)

Kernel: Linux 2.6.26-2-486
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages epiphany-browser depends on:
ii  dbus-x11                    1.2.16-2     simple interprocess messaging syst
ii  epiphany-browser-data       2.29.3-1     Data files for the GNOME web brows
ii  gnome-icon-theme            2.28.0-1     GNOME Desktop icon theme
ii  iso-codes                   3.14-1       ISO language, territory, currency,
ii  libavahi-client3            0.6.25-2     Avahi client library
ii  libavahi-common3            0.6.25-2     Avahi common library
ii  libavahi-gobject0           0.6.25-3     Avahi GObject library
ii  libc6                       2.10.2-2     GNU C Library: Shared libraries
ii  libdbus-1-3                 1.2.16-2     simple interprocess messaging syst
ii  libdbus-glib-1-2            0.82-2       simple interprocess messaging syst
ii  libgconf2-4                 2.28.0-1     GNOME configuration database syste
ii  libgirepository1.0-0        0.6.8-1      Library for handling GObject intro
ii  libglib2.0-0                2.24.0-1     The GLib library of C routines
ii  libgnome-keyring0           2.28.1-2     GNOME keyring services library
pn  libgtk2.0-0                 <none>       (no description available)
ii  libice6                     2:1.0.6-1    X11 Inter-Client Exchange library
ii  libnotify1 [libnotify1-gtk2 0.4.5-1      sends desktop notifications to a n
ii  libnspr4-0d                 4.8.2-1      NetScape Portable Runtime Library
ii  libnss3-1d                  3.12.6-1     Network Security Service libraries
ii  libpango1.0-0               1.26.1-1     Layout and rendering of internatio
pn  libseed0                    <none>       (no description available)
ii  libsm6                      2:1.1.1-1    X11 Session Management library
pn  libsoup-gnome2.4-1          <none>       (no description available)
pn  libsoup2.4-1                <none>       (no description available)
pn  libwebkit-1.0-2             <none>       (no description available)
ii  libx11-6                    2:1.2.2-1    X11 client-side library
ii  libxml2                     2.7.6.dfsg-1 GNOME XML library
ii  libxslt1.1                  1.1.26-1     XSLT processing library - runtime 

Versions of packages epiphany-browser recommends:
ii  ca-certificates          20090814        Common CA certificates
pn  evince                   <none>          (no description available)
ii  yelp                     2.28.0+webkit-2 Help browser for GNOME

epiphany-browser suggests no packages.

-- no debconf information
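
Added example (not part of the original report and not Epiphany or WebKit code): a small audit function that scans stylesheet text for the pattern described above, a selector containing :visited paired with a declaration that references url(...), so such rules can be spotted in a page or filtered before rendering. The names findVisitedFetches, extractUrls and SAMPLE_CSS are hypothetical, and the sample input is constructed from the stylesheet in the report plus two benign rules.

```javascript
// Added example: flag :visited rules whose declarations would trigger a fetch.
// SAMPLE_CSS is constructed: the two rules from the report plus two benign rules.
const SAMPLE_CSS = `
  /* rules quoted in the report */
  a#link1:visited { background-image: url(/log?link1_was_visited); }
  a#link2:visited { background-image: url(/log?link2_was_visited); }
  a:visited { color: purple; }
  a.logo { background-image: url(/img/logo.png); }
`;

// Collect every url(...) token in a declaration value, quoted or unquoted.
function extractUrls(value) {
  const urls = [];
  const re = /url\(\s*(?:"([^"]*)"|'([^']*)'|([^)\s]*))\s*\)/gi;
  let m;
  while ((m = re.exec(value)) !== null) urls.push(m[1] ?? m[2] ?? m[3]);
  return urls;
}

// Return one finding per (selector, property, url) where a selector containing
// :visited carries a declaration that references an external resource.
function findVisitedFetches(cssText) {
  const findings = [];
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g; // innermost "selector { declarations }" blocks
  let rule;
  while ((rule = ruleRe.exec(css)) !== null) {
    const selectors = rule[1].split(",").map((s) => s.trim())
      .filter((s) => /:visited\b/i.test(s));
    if (selectors.length === 0) continue; // rule does not depend on history
    for (const decl of rule[2].split(";")) {
      const idx = decl.indexOf(":");
      if (idx < 0) continue; // empty or malformed declaration
      const property = decl.slice(0, idx).trim().toLowerCase();
      for (const url of extractUrls(decl.slice(idx + 1))) {
        for (const selector of selectors) findings.push({ selector, property, url });
      }
    }
  }
  return findings;
}

console.log(findVisitedFetches(SAMPLE_CSS));
```

Only the two a#linkN:visited rules are reported; the colour-only :visited rule and the unconditional background on a.logo are not, since neither makes a request that depends on browsing history.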






