Bug#560108: xulrunner: remote info disclosure via css
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Dec 8 23:12:20 UTC 2009
package: xulrunner
version: 1.9.0.13-0
severity: serious
tags: security
hi,
it has been disclosed that it is possible for any website to query the
user's site viewing history via css. please see [0]. i have not
personally checked whether this package is vulnerable, but it seems to
be a general css design issue, so all css-supporting browsers are
likely affected. please check, and feel free to close the bug if the
package is not affected. thanks.
mike
[0] http://thecoffeedesk.com/news/index.php/2009/08/02/view-remote-browser-history/
More information about the pkg-mozilla-maintainers
mailing list