Mozilla Foundation Security Advisory 2016-59
Information disclosure of disabled plugins through CSS pseudo-classes
- June 7, 2016
- John Schoenick
- Fixed in
- Firefox 47
Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system, even when they are disabled.