About firefox-1.0.4-4 CSS history exploit

Rogelio Jacinto rogelio.jacinto at onceonce.com
Sun Jun 5 14:40:32 UTC 2005


Marcus wrote:

> I've visited this browser test: http://gemal.dk/browserspy/css.html


I visited the page and read the source.

> with the latest firefox-1.0.4-4 and I wonder why the script can
> read my browser history?! Is it a general firefox feature or a bug?

What the script is doing is the following:
1. Sets up a list of popular pages; this is hardcoded in the script.
2. Writes the HTML code, including inline CSS styles for the link list:
{position: absolute; top: 0} for the unvisited anchor elements (links)
and {top: 100px; color: #660001;} for the visited anchors.
3. Examines the anchor elements to determine if the CSS style contains
any of the properties and values assigned through the inline styles.
If the condition is met, then it writes out: "Yes you have been visiting the
site lately!".

I think this is -not- a bug, it's just a clever use of JavaScript and
CSS that exploits the well-known CSS behavior of styling a visited link
differently than an unvisited link.
The script does not read the browser history nor does it access any
cookies.

Regards,

Rogelio
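
The three steps described in the message above, as an added example that is not part of the original post or of the test page's script: a browser-free JavaScript model in which `scriptVisibleStyle`, the `maskVisited` switch, the URLs and the history set are constructed assumptions. With `maskVisited` off it reproduces the check from the post; with it on it models a style engine that always reports the unvisited style to script, the mitigation browsers later adopted.

```javascript
// Toy model of the style check described in the post; no real browser is involved.

// Step 1: hardcoded candidate list (constructed example URLs).
const CANDIDATES = [
  "http://example.com/",
  "http://example.org/",
  "http://example.net/",
];

// Step 2: the two inline rules quoted in the post.
const UNVISITED_STYLE = { position: "absolute", top: "0" };
const VISITED_STYLE = { top: "100px", color: "#660001" };

// Hypothetical stand-in for the browser's style engine. With maskVisited
// set, script is told the unvisited style regardless of what is painted.
function scriptVisibleStyle(url, history, maskVisited) {
  if (history.has(url) && !maskVisited) {
    return { ...UNVISITED_STYLE, ...VISITED_STYLE };
  }
  return { ...UNVISITED_STYLE };
}

// Step 3: look for the visited-only marker values on each candidate link.
function inferVisited(candidates, history, maskVisited) {
  return candidates.filter((url) => {
    const style = scriptVisibleStyle(url, history, maskVisited);
    return style.color === VISITED_STYLE.color && style.top === VISITED_STYLE.top;
  });
}

// Constructed history: one candidate plus one URL the script never lists.
const SAMPLE_HISTORY = new Set([
  "http://example.org/",
  "http://intranet.example/private",
]);

function demo() {
  return {
    // Only candidates can be confirmed; the history itself is never read.
    leaky: inferVisited(CANDIDATES, SAMPLE_HISTORY, false),
    // With masking, the same check learns nothing.
    masked: inferVisited(CANDIDATES, SAMPLE_HISTORY, true),
  };
}

console.log(demo());
```

The unlisted URL never shows up in either result, which matches the point in the message: the check confirms guesses from the hardcoded list one at a time rather than reading the history.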



