>If the exploiter can get whatever javascript he wants to execute on
>your system without your approval merely by sending you an email
>message, then he doesn't need a referer header to do mischief.
O.k.

>The only potential issues I can imagine with the referer header would
>be _privacy_ issues, not _security_ issues. For example, if the
>target site could read cookies set by the site referenced in the
>referer header, that would constitute a potential privacy issue. But
>it would not be an exploit in the sense of allowing your system to be
>exploited or compromised.

Some sites write user name and password or a session ID into the URL, and under some circumstances some version of IE sends this URL as a referer not only to pages which are linked on the initial page but to others, too.

--
------- http://grassomusic.de -------
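The leak described in the reply above can be checked for on a site's own URLs. The following is an added example, not part of the original message: it flags credentials or session identifiers that a URL would expose if sent as a referer, and reduces such a URL to its origin. The parameter names in `SENSITIVE`, the function names and the sample URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive: an assumption for this example.
SENSITIVE = {"sid", "sessionid", "session_id", "phpsessid", "jsessionid",
             "user", "username", "password", "passwd", "token"}

def referer_findings(url):
    """Return (location, name) pairs for secrets visible in a URL
    that a browser might send as a Referer header."""
    parts = urlsplit(url)
    findings = []
    # user:password@host in the authority part of the URL
    if parts.username:
        findings.append(("userinfo", "username"))
    if parts.password:
        findings.append(("userinfo", "password"))
    # ";jsessionid=..." style parameters attached to a path segment
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            name = param.split("=", 1)[0].lower()
            if name in SENSITIVE:
                findings.append(("path", name))
    # "?sid=..." style query parameters
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            findings.append(("query", name.lower()))
    return findings

def origin_only(url):
    """Reduce a URL to scheme://host[:port]/ so that no path, query
    or userinfo is left to leak."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    return f"{parts.scheme}://{host}/"

if __name__ == "__main__":
    # Constructed sample URL, not taken from any real site.
    sample = "http://user:pw@shop.example/cart;jsessionid=ABC123?item=5&SID=42"
    for location, name in referer_findings(sample):
        print(f"leaks {name} via {location}")
    print("safe to send:", origin_only(sample))
```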
