Bug#579191: CSS visited elements allow for disclosure of users browser history
Josselin Mouette
joss at debian.org
Mon Apr 26 07:17:26 UTC 2010
Le lundi 26 avril 2010 à 07:13 +0100, markhobley at yahoo.co.uk a écrit :
> There is a "Disclosure of user information" security flaw in the epiphany
> browser due to the implementation of support for CSS :visited pseudoclass
> elements. It is possible to specify a background-url attribute which will make
> a request to the server if a particular link has been visited. Using this CSS
> mechanism, it is possible for a hosting server to determine visited links
> without using Javascript.
Could you talk about this with upstream? This is not something we should
fix only at the Debian level.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `' “A handshake with whitnesses is the same
`- as a signed contact.” -- Jörg Schilling
More information about the pkg-gnome-maintainers
mailing list