Vigil@nce - Firefox, Opera: detection of visited sites
December 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can measure the loading duration of a page, in order
to detect if the victim visited a web site.
Severity: 1/4
Creation date: 07/12/2011
IMPACTED PRODUCTS
– Mozilla Firefox
– Mozilla SeaMonkey
– Opera
DESCRIPTION OF THE VULNERABILITY
Web browsers keep pages previously visited in their caches.
The access time of a cached page is shorter than the time required
to download it.
An attacker can therefore measure the loading duration of a page,
in order to detect if the victim visited a web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Firefox-Opera-detection-of-visited-sites-11199