severity 560108 important thanks On Tue, Dec 08, 2009 at 06:12:20PM -0500, Michael Gilbert wrote: > package: xulrunner > version: 1.9.0.13-0 > severity: serious > tags: security > > hi, > > it has been disclosed that it is possible for any website to query the > user's site viewing history via css. please see [0]. i have not > personally checked whether this package is vulnerable, but it seems to > be a general css design issue, so all css-supporting browsers are > likely affected. please check, and feel free to close the bug if the > package is not affected. thanks. > > mike > > [0] > http://thecoffeedesk.com/news/index.php/2009/08/02/view-remote-browser-history/ > > >
This has been at least three years the issue has been known. If nobody fixed it, it means they don't consider it a serious problem, and as you say, this is by design. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
