Vigil@nce - Firefox 16: disclosure of visited url
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious web page, in order to obtain
the list of url visited by Firefox 16 users.
– Impacted products: Firefox
– Severity: 2/4
– Creation date: 11/10/2012
DESCRIPTION OF THE VULNERABILITY
An url can contain parameters. For example:
http://server/?var=value
Values of these parameters can contain sensitive information.
However, a malicious web page can obtain the list of url
previously browsed by the user. The attacker also obtains
sensitive information given as parameters.
An attacker can therefore create a malicious web page, in order to
obtain the list of url visited by Firefox 16 users.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Firefox-16-disclosure-of-visited-url-12066