Websites Gain Access to Browser History and Exploit It.

BobH
UraniumLounger
Posts: 9300
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Websites Gain Access to Browser History and Exploit It.

Post by BobH »

My morning bird-cage liner had this headline: "Web browser flaw reveals online history". The article went on to explain that Firefox and IE allow applications to run from sites when you visit that exploit the weakness and read history and pass it to an app that can then select targeted ads for display. It mentioned Interclick as the application and Newsmax.com and Morningstar.com as sites that had used it. The article stated that Safari and Chrome are not affected, i.e., do not have the 'flaw' that allows history to be accessed.

Any guesses as to how long before IE and Fx come out with new versions?

My recent post complaining of LSOs might have been off the mark. I'm beginning to think that maybe it was history tracking that caused me to see so many ads related to recent web surfing. At any rate, I now have Firefox deleting history when it closes and I'm only allowing cookies to be saved by CCleaner from about 6 or 8 sites.

Does anyone know if Firefox carries over settings from previous options when an update is installed? I have been under the impression that it preserved your preferences, but somehow the history deletion process slipped by me undetected. I made it a practice to set history to be deleted many years ago and thought that Firefox was taking care of it. Guess I'll have to be more careful when installing future updates.
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K, 1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice, and other bits and bobs

HansV
Administrator
Posts: 78650
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Websites Gain Access to Browser History and Exploit It.

Post by HansV »

The exploit uses JavaScript. The free NoScript add-on for Firefox blocks JavaScript unless you explicitly allow it, so it provides protection against history hijacking by arbitrary sites. But of course, if a site seems reputable (such as Morningstar) and you enable JavaScript, you'll still be vulnerable.
Best wishes,
Hans

TonyE
3StarLounger
Posts: 361
Joined: 24 Jan 2010, 14:24
Location: Buckinghamshire, England

Re: Websites Gain Access to Browser History and Exploit It.

Post by TonyE »

Mozilla fixed this in the development builds of Firefox back in April. The Firefox 4 beta builds include this fix; the latest version is available from http://www.mozilla.com/firefox/beta/
Tony

TonyE
3StarLounger
Posts: 361
Joined: 24 Jan 2010, 14:24
Location: Buckinghamshire, England

Re: Websites Gain Access to Browser History and Exploit It.

Post by TonyE »

If you want to see this at work, go to http://www.mikeonads.com/2008/07/13/usi ... te-gender/

If using a browser that is susceptible to this, it will use your browsing history to have a guess at your gender.
Tony

HansV
Administrator
Posts: 78650
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Websites Gain Access to Browser History and Exploit It.

Post by HansV »

Hmm... what to think of this (using IE8 or Firefox 3.6.12, if I temporarily allow scripts):
Likelihood of you being FEMALE is 50%
Likelihood of you being MALE is 50%
Yeah, right...
Best wishes,
Hans

TonyE
3StarLounger
Posts: 361
Joined: 24 Jan 2010, 14:24
Location: Buckinghamshire, England

Re: Websites Gain Access to Browser History and Exploit It.

Post by TonyE »

HansV wrote: Hmm... what to think of this (using IE8 or Firefox 3.6.12, if I temporarily allow scripts):
Likelihood of you being FEMALE is 50%
Likelihood of you being MALE is 50%
Yeah, right...
For me when using Firefox 3.6.13 it said 81% chance of being male, 50/50 when using Firefox 4 development builds as it could not read the history.
Tony

Goshute
3StarLounger
Posts: 397
Joined: 24 Jan 2010, 19:43
Location: Salt Lake City, Utah, USA

Re: Websites Gain Access to Browser History and Exploit It.

Post by Goshute »

I'm only 91% male. I'm going to have to stop the Bride from using my laptop to visit Pottery Barn and Sephora. :grin: (Though I realize I have visited Sephora to buy gifts for the Bride and daughters.)
Goshute
I float in liquid gardens

Bigaldoc
PlatinumLounger
Posts: 3757
Joined: 24 Jan 2010, 11:00
Location: Lexington, KY, USA

Re: Websites Gain Access to Browser History and Exploit It.

Post by Bigaldoc »

Well I feel worse than you fellas! Guess I'm gonna have to work on this, huh?

Likelihood of you being FEMALE is 71%
Likelihood of you being MALE is 29%

HansV
Administrator
Posts: 78650
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Websites Gain Access to Browser History and Exploit It.

Post by HansV »

Must be because of your Christmas userpic, Al!
Best wishes,
Hans

Claude
cheese lizard
Posts: 6241
Joined: 16 Jan 2010, 00:14
Location: Sydney Australia

Re: Websites Gain Access to Browser History and Exploit It.

Post by Claude »

Likelihood of you being FEMALE is 50%
Likelihood of you being MALE is 50%
on a system with FF 3.6.12 and nil history. One visit to cnn.com and voila:
Likelihood of you being FEMALE is 43%
Likelihood of you being MALE is 57%
Cheers, Claude.

HansV
Administrator
Posts: 78650
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Websites Gain Access to Browser History and Exploit It.

Post by HansV »

Don't let your wife visit cnn.com then, at least not too often... :evilgrin:
Best wishes,
Hans

DaveA
GoldLounger
Posts: 2599
Joined: 24 Jan 2010, 15:26
Location: Olympia, WA

Re: Websites Gain Access to Browser History and Exploit It.

Post by DaveA »

Must be the Family research that brings up the female rating.

I noticed that "The Lounge" is not listed and I visit it as much as, if not more than, techguys. I do NOT visit the Comcast site itself much, but yesterday I was there twice.

Likelihood of you being FEMALE is 61%
Likelihood of you being MALE is 39%

Site              Male-Female Ratio
comcast.net       0.89
ancestry.com      0.63
state.co.us       0.87
techguy.org       1.56
findagrave.com    0.85
I am so far behind, I think I am First :evilgrin:
Genealogy....confusing the dead and annoying the living