

Mozilla's CSS (and Chrome 6) :visited solution is still vulnerable - revo_ads
http://privacylog.blogspot.com/2010/08/mozillas-css-visited-solution-is-still.html

======
revo_ads
Here the official ongoing discussions about the fix and general consequences
on web :

[http://hacks.mozilla.org/2010/03/privacy-related-changes-
com...](http://hacks.mozilla.org/2010/03/privacy-related-changes-coming-to-
css-vistited/)

<https://bugzilla.mozilla.org/show_bug.cgi?id=147777>

------
revo_ads
Oh, i managed to find a way to exploit this. Nice. Back to work Mozilla's
team!

------
revo_ads
this <http://whattheinternetknowsaboutyou.com/> already does not work anymore
with Firefox 4 Beta and latest official Chrome release.

------
ff4beta_user
I confirm this. [http://privacylog.blogspot.com/2010/08/mozillas-css-
visited-...](http://privacylog.blogspot.com/2010/08/mozillas-css-visited-
solution-is-still.html) is still able to detect if i visited a link, on both
Firefox 4 beta and Chrome 6. But i don't think it is a threat because Mozilla
and Google also blocked document.getElementById(x).style.color. So wouldn't
this be practically unexploitable ?

