Safe Cache and History for Firefox
In theory, websites can use your browsers cache to determine if and when you visited another website. To do this a website would simply have to know which images, or other files, are used on the website that it wants to probe for.
So, if image test.jpg is loaded from the cache instead of the attacker's website it is safe to assume that the user has been visiting the first website as well (or another one with the same image).
Safe Cache and Safe History are two Firefox extensions that prevent this methods of finding out. In the case of Safe Cache, the user has the option to select one of the following privacy levels: segmented cache, cache originating site only, or never cache. For Safe History it is: segmented by origin, don't mark links visited in offsite frames, or never mark links visited.
A test website has been created that uses the method to determine your online bank. This probably does only work for US online banks and only the user visited a website of a bank and did not delete the cache in Firefox afterwards. Both Firefox add-ons are recommended to increase security.
Update: Please note that newer versions of Firefox do not leak the browsing history anymore. It is no longer possible to use style information to distinguish visited websites from websites that have not been visited in recent time -- since the last browser history cleaning.
As far as safe cache features are concerned, it too seems to have been resolved in recent versions of the Mozilla Firefox web browser.
You can test the Safe Cache test page to test that on your system, and the Safe History test page to test it.
The two browser extensions are not compatible anymore with the most recent versions of Firefox and links have been removed as a consequence.
Leave a Reply