rekonq is still vulnerable to CSS history fishing.

Bug #798438 reported by Florian Mäder
This bug affects 1 person
Affects: rekonq. Status: Confirmed. Importance: Medium.
Affects: rekonq (Ubuntu). Status: Confirmed. Importance: Low. Assigned to: Unassigned.

Bug Description

Binary package hint: rekonq

There's a way to use CSS to fish for visited websites.

You can find a detailed introduction here:
http://infinity-infinity.com/2009/06/sniffing-browser-history-with-css/

The above article's example is offline but you'll find a working example here:
http://didyouwatchporn.com/

Tags: css fishing
Florian Mäder (fkm)
visibility: private → public
Rohan Garg (rohangarg) wrote :

Could you please report this upstream at http://bugs.kde.org against the rekonq component? We can then release an SRU if upstream commits a fix.

Florian Mäder (fkm) wrote : Re: [Bug 798438] Re: rekonq is still vulnerable to CSS history fishing.

Hello Rohan

Sorry for the delay. I don't check this address very often.

https://bugs.kde.org/show_bug.cgi?id=276747

Yours,
Florian

On Thu, Jun 16, 2011 at 11:49 PM, Rohan Garg <email address hidden> wrote:
> Could you please report this upstream at http://bugs.kde.org against the
> rekonq component, we can then release a SRU if upstream commits a fix

Changed in rekonq (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
Changed in rekonq:
importance: Unknown → Medium
status: Unknown → Confirmed
This report contains Public Security information  
Everyone can see this security related information.
