There is a "Disclosure of user information" security flaw in the Konqueror
browser due to the implementation of support for CSS :visited pseudo-class
elements. It is possible to specify a background-url attribute which will make
a request to the server if a particular link has been visited. Using this CSS
mechanism, it is possible for a hosting server to determine visited links
without using JavaScript.

For example:

<style>
a#link1:visited { background-image: url(/log?link1_was_visited); }
a#link2:visited { background-image: url(/log?link2_was_visited); }
</style>
<a href="http://google.com" id="link1">Google</a>
<a href="http://yahoo.com" id="link2">Yahoo</a>

If link1 (http://google.com) has been visited, the browser will make a request
back to the server to retrieve the background for the #link1 rule. By
appending a different URL argument to each rule we can determine which of the
links were visited. Please note that this requires no client-side scripting
whatsoever, and only relies on the availability of CSS.

The following website demonstrates a working exploit of this vulnerability:
http://www.whattheinternetknowsaboutyou.com/

Mark.
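
A defensive check for the pattern reported above, added here as an example and not part of the original report: it scans stylesheet text (for instance, user-supplied CSS that a site is about to serve) and reports every `:visited` rule whose declarations fetch a URL. The function names and the sample stylesheet are assumptions made for illustration.

```javascript
// Added example (not from the original report): audit a stylesheet for
// :visited rules that cause a network fetch. Function names are illustrative.
const URL_VALUE = /url\(\s*(['"]?)([^'")]*)\1\s*\)/i;

// Small rule splitter for "selector { declarations }" blocks. Comments are
// stripped; CSS escapes and url() values containing ';' are not handled.
function parseRules(css) {
  const rules = [];
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, "");
  const re = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = re.exec(stripped)) !== null) {
    const selectors = m[1].split(",").map((s) => s.trim()).filter(Boolean);
    const decls = [];
    for (const d of m[2].split(";")) {
      const i = d.indexOf(":");
      if (i < 1) continue; // skip empty or malformed declarations
      decls.push({ prop: d.slice(0, i).trim().toLowerCase(), value: d.slice(i + 1).trim() });
    }
    rules.push({ selectors, decls });
  }
  return rules;
}

// Return one finding per declaration that fetches a URL only when a link
// matching the selector is in the visitor's history.
function findVisitedFetches(css) {
  const findings = [];
  for (const { selectors, decls } of parseRules(css)) {
    const visited = selectors.filter((s) => /:visited\b/i.test(s));
    if (visited.length === 0) continue;
    for (const { prop, value } of decls) {
      const m = URL_VALUE.exec(value);
      if (m) findings.push({ selector: visited.join(", "), prop, url: m[2].trim() });
    }
  }
  return findings;
}

// Constructed sample: the two rules from the report plus two harmless rules.
const SAMPLE_CSS = `
a#link1:visited { background-image: url(/log?link1_was_visited); }
a#link2:visited { background-image: url(/log?link2_was_visited); }
a:visited { color: purple; }          /* color only, no fetch */
a#link3 { background-image: url(/img/bg.png); }  /* not history-dependent */
`;

console.log(findVisitedFetches(SAMPLE_CSS));
```

Only the two history-dependent rules are reported; the color-only `:visited` rule and the unconditional background image are left alone.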