JonDoFox 2.5.3: Provides protection against new HTTP authentication attack

Today, the JonDos GmbH publishes a new version of JonDoFox, a privacy-friendly web browser, that you may also use for anonymous surfing, e.g. over anonymous proxy servers.

What is new?

The JonDoFox research team has uncovered a new attack on web browsers: Affected are the web browsers Firefox, Chrome and Safari. By a hidden call over of a URL with HTTP authentication data, third party sites could track a user over several web sites, even if the user blocks all cookies and other tracking procedures. For doing this, it is sufficient to include a simple CSS file:

<link rel="stylesheet" type="text/css" "http://Session:638431048@ipcheck.info/auth.css.php">

You will find a demonstration of this technique on the web site ip-check.info.

JonDoFox now contains an integrated protection against this attack. Third party sites may now no longer receive HTTP authentication data from the browser. Moreover, the protection against cache and referer tracking has been enhanced. Furthermore, some detail enhancements were added, and JonDoFox is now fully compatible with the new Firefox 6. Users may therefore easily update to the new browser version.

What is JonDoFox?

JonDoFox is both a profile and an extension for the popular Mozilla Firefox web browser. It protects the user's privacy while surfing the web by removing identifying information from the browser. As it is open source software and free to use, it is an ideal add-on for anonymization services like JonDonym and Tor, but may also be used without anonymization software, just for safer surfing.

Download: Anonymous surfing with JonDoFox

Trackbacks

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.