The Mozilla bug was reported on the Bugtraq mailing list last week by researcher Sven Neuhaus, who said that the vulnerability reveals the URL of the page a Web surfer is visiting to the Web server of the last page the user visited. The bug affects Mozilla 1.0, 1.0.1 and 1.1, as well as Mozilla-based browsers such as Netscape 7 and Galeon, Neuhaus said. Older versions of Mozilla could also contain the bug, the researcher added.
According to the report, the vulnerability occurs not only for links followed on the page, but also for manually entered URLs and bookmarks. The problem originates in the HTTP requests that are launched from a page's "onunload" handler, he said.
Although Neuhaus said that the bug is a couple of months old, he said he was disclosing the vulnerability at this time to prompt a fix.
Mozilla is an open source development project originally begun by Netscape Communications, which is now part of AOL Time Warner. AOLTW has incorporated Mozilla technology into its Gecko Web rendering engine, which is used in the company's Netscape 7 browser.
No one from Mozilla was available to comment on the bug.