For users using older versions of Firefox, Internet Explorer or other browsers, it’s safe to assume websites can still use these kinds of methods to understand what websites you’ve visited before.
Why is it such an issue?
Well, it’s a flaw first and foremost and it needs to be fixed. If a website is going to find out as to what websites the user has visited before based on hyperlinks on the website that is different because the browser understands the user has visited those websites before, then the website should really be letting users know about their practices – not everyone would find it appealing that websites are snooping up information that to many is considered a privacy violation.
Furthermore, websites that do this may be snooping this information and storing it in a database and matching it against your IP address. The primary use for this is perhaps for advertising and marketing purposes; and by having this information they can display more targeted advertisements to you or even distribute this information to third parties – such as advertisers.
Of course, many people do not think it is much of a big issue, but there are equally people that think it is a privacy violation and that website owners should not be taking advantage of it to collect history information.
What has Mozilla changed to prevent this?
Layout-based Attacks – First and foremost, they have limited as to what styling can be applied to visited links. Visited links can only be different in colour, background, outline, border, fill colours and SVG stroke. Mozilla states that other styling options either leak that the hyperlink has been visited before by “loading a resource or changing position or size of the styled content in the document”, which can otherwise be used to determine visited hyperlinks.
Timing-based Attacks – Mozilla will be changing “some of the guts of our layout engine to provide a fairly uniform flow of execution to minimize differences in layout time for visited and unvisited links”.
The privacy engineer at Mozilla had forewarned that these changes may make a few websites look a little different and “a few sites that use more than color to differentiate visited links may not slightly broken at first”. However, he acknowledged that “it’s the right trade-off to be sure we protect our users’ privacy.”
About other browers.
If you’re running other browsers, it’s important to keep your browser up to date as other browsers may have followed suit after Mozilla had made changes to Firefox in March 2010. For all purposes and intents, running an outdated version of your browser is a security risk in itself – if you’re running Internet Explorer 6, 7 or 8 – you should update to Internet Explorer 9 (or whichever is the most stable version at a later point in time). If you’re running an older version of Firefox, you should update to the latest version. For Windows XP users, as of Firefox 14, XP is supported – because Internet Explorer 9 is not available for XP users, we recommend you opt for the latest stable version of Firefox.