Risks
Vulnerabilities
Browse by
Mozilla Privacy Leak
12 September 2002
Bookmark and Share
From: Sven Neuhaus <sn@neopoly.com>

There is a serious privacy leak in Mozilla that reveals the URL of the page you are visiting to the web server of the page you visited last. The leak not only occurs for links followed on the page (that wouldn't be particularly serious) but also for URLs entered manually or picked from the bookmarks.

The bug affects Mozilla 1.0, 1.0.1, 1.1 and probably older versions as well. It also affects Mozilla-based browers such as Netscape 7 and Galeon.

The problem is that HTTP requests that are launched from a page's "onunload" handler have the wrong referer (sic): They get the referer of the next page the user is about to visit.

Demonstration URL:
http://members.ping.de/~sven/mozbug/refcook.html

This is bug 145579 from the bugzilla database. It's a couple of months old now so I'm disclosing this vulnerability to hopefully initiate the fixing process.

Workaround: Disable Javascript.

Best,
-Sven Neuhaus



Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //