Privacy leak in mozilla

From: Sven Neuhaus (snat_private)
Date: Wed Sep 11 2002 - 05:51:12 PDT

Next message: Damon McMahon: "Re: Vulnerabilities in Microsoft's Java implementation"

Previous message: Mandrake Linux Security Team: "MDKSA-2002:059 - php update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a serious privacy leak in Mozilla that reveals the URL of the
page you are visiting to the web server of the page you visited last.
The leak not only occurs for links followed on the page (that wouldn't
be particularly serious) but also for URLs entered manually or picked
from the bookmarks.

The bug affects Mozilla 1.0, 1.0.1, 1.1 and probably older versions as
well. It also affects Mozilla-based browers such as Netscape 7 and
Galeon.

The problem is that HTTP requests that are launched from a page's
"onunload" handler have the wrong referer (sic): They get the referer of
the next page the user is about to visit.

Demonstration URL:
http://members.ping.de/~sven/mozbug/refcook.html

This is bug 145579 from the bugzilla database. It's a couple of months
old now so I'm disclosing this vulnerability to hopefully initiate the
fixing process.

Workaround: Disable Javascript.

Best,
-Sven Neuhaus

Next message: Damon McMahon: "Re: Vulnerabilities in Microsoft's Java implementation"
Previous message: Mandrake Linux Security Team: "MDKSA-2002:059 - php update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 11 2002 - 12:24:42 PDT