Package: midori
Version: 0.2.2-1
Severity: normal
There is a "Disclosure of user information" security flaw in the midori
browser due to the implementation of support for CSS :visited pseudo-class
elements. It is possible to specify a background-url attribute which will make
a request to the server if a particular link has been visited. Using this CSS
mechanism, it is possible for a hosting server to determine visited links
without using JavaScript.
For example:
<style>
a#link1:visited { background-image: url(/log?link1_was_visited); }
a#link2:visited { background-image: url(/log?link2_was_visited); }
</style>
<a href="http://google.com" id="link1">Google</a>
<a href="http://yahoo.com" id="link2">Yahoo</a>
If link1 (http://google.com) has been visited, the browser will make a request
back to the server to retrieve the background for the #link1 rule. By
appending a different URL argument to each rule we can determine which of the
links were visited. Please note that this requires no client-side scripting
whatsoever, and only relies on the availability of CSS.
The following website demonstrates a working exploit of this vulnerability:
http://www.whattheinternetknowsaboutyou.com/
Mark.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (60, 'testing'), (50, 'unstable')
Architecture: i386 (i386)
Kernel: Linux 2.6.26-2-486
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages midori depends on:
ii dbus-x11 1.2.16-2 simple interprocess messaging syst
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libcairo2 1.8.8-2 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.16-2 simple interprocess messaging syst
ii libdbus-glib-1-2 0.82-2 simple interprocess messaging syst
ii libfontconfig1 2.8.0-2 generic font configuration library
ii libfreetype6 2.3.11-1 FreeType 2 font engine, shared lib
ii libglib2.0-0 2.24.0-1 The GLib library of C routines
ii libgtk2.0-0 2.18.3-1 The GTK+ graphical user interface
ii libjs-mootools 1.2.4-1 compact JavaScript framework
ii libnotify1 [libnotify1-gtk2 0.4.5-1 sends desktop notifications to a n
ii libpango1.0-0 1.26.1-1 Layout and rendering of internatio
ii libsoup2.4-1 2.28.2-1 an HTTP library implementation in
ii libsqlite3-0 3.6.23.1-1 SQLite 3 shared library
ii libunique-1.0-0 1.1.6-1 Library for writing single instanc
ii libwebkit-1.0-2 1.1.17-2 Web content engine library for Gtk
ii libx11-6 2:1.2.2-1 X11 client-side library
ii libxml2 2.7.6.dfsg-1 GNOME XML library
Versions of packages midori recommends:
ii gnome-icon-theme 2.28.0-1 GNOME Desktop icon theme
midori suggests no packages.
-- no debconf information