19Şub
Is Cross Site History Manipulation (XSHM) still relevant?
XSHM is a vulnerability which exploits the fact that the browser history object does not follow the Same Origin Policy and hence by tracking the changes made to this object we may be able to track a user's activities.
Most of the online references about this vulnerability are relatively old and I am unsure if the web browsers have developed any defenses against this vulnerability over time.
My question is if this vulnerability still relevant?
I have found some other references which discuss the exploitation scenarios and it seems that for successful exploitation it is important to load the target site in an iframe. in such a case would it be right to conclude that X-FRAME-OPTIONS header can be a useful tool to mitigate this vulnerability.
