Fellow PLUGgers, I don't know how serious this bug actually is, which probably depends on how deep it goes into the code and what other information can be leaked out, but the demonstration page actually works and well... my initial reaction was "wow, cool".
Not that when you return to the page you don't have to use the back button, you can re-enter it into the address bar and it will still work, meaning the demo page will know what URL you went to immediately after you visited the demo page last. --> Jijo ----- Forwarded message from Sven Neuhaus <[EMAIL PROTECTED]> ----- Subject: Privacy leak in mozilla From: Sven Neuhaus <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Message-Id: <1031748672.12656.37.camel@zap> There is a serious privacy leak in Mozilla that reveals the URL of the page you are visiting to the web server of the page you visited last. The leak not only occurs for links followed on the page (that wouldn't be particularly serious) but also for URLs entered manually or picked from the bookmarks. The bug affects Mozilla 1.0, 1.0.1, 1.1 and probably older versions as well. It also affects Mozilla-based browers such as Netscape 7 and Galeon. The problem is that HTTP requests that are launched from a page's "onunload" handler have the wrong referer (sic): They get the referer of the next page the user is about to visit. Demonstration URL: http://members.ping.de/~sven/mozbug/refcook.html This is bug 145579 from the bugzilla database. It's a couple of months old now so I'm disclosing this vulnerability to hopefully initiate the fixing process. Workaround: Disable Javascript. Best, -Sven Neuhaus ----- End forwarded message ----- -- Federico Sevilla III : http://jijo.free.net.ph Network Administrator : The Leather Collection, Inc. GnuPG Key ID : 0x93B746BE _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
