User tracking across domains, processes (in some cases) and windows/tabs is
demonstrated by exploiting several vulnerabilities in major browsers (Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, and to a limited extent Google Chrome). Additionally, new cross-domain information leakage, and cross domain attacks are described, which provide a foundation for attacks such as “in session phishing”.
According to Opera’s security team, Opera is vulnerable as well, but it was not researched by the author.
Amit Klein
September-November 2008
Download paper [1]
Links:
[1] http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf