Which client-side attack exploits vulnerabilities in the data compression feature of TLS, SPDY, and HTTPS?

This question targets attacks that abuse data compression used with TLS/HTTPS to reveal secret information. The CRIME attack takes advantage of TLS (and SPDY) compression by observing how the size of the compressed ciphertext changes when the attacker influences the plaintext. By injecting known data into requests and monitoring the resulting compressed output, the attacker can infer secret values in the data being sent (such as a session cookie). The compression step creates a side channel: repeated patterns compress more, so guessing parts of the secret affects the overall size in predictable ways, allowing the secret to be recovered bit by bit. The defense is to disable TLS/SPDY compression entirely, since it’s the compression feature itself that enables the leakage. The other options describe different kinds of hijacking or disruption, not leveraging the compression-based leakage that CRIME exploits.