Privacy leak reported in Mozilla-based browsers

News

Privacy leak reported in Mozilla-based browsers

A "serious" privacy leak in Mozilla, and other browsers based on the open source technology, such as Netscape and Galeon, discloses users' Web surfing information, according to a recent report.

The Mozilla bug was reported on the Bugtraq mailing list last week by researcher Sven Neuhaus, who said that vulnerability reveals the URL of the page a Web surfer is visiting to the Web server of the last page the user visited. The bug affects Mozilla 1.0, 1.0.1, 1.1 as well as Mozilla-based browsers such as Netscape 7 and Galeon, Neuhaus said. Older versions of Mozilla could also contain the bug, the researcher added.

According to the report, the vulnerability not only occurs for links followed on the page, but also for manually entered URLs and bookmarks. The problem originates in the HTTP requests that are launched from a page's "onunload" handler, he said.

Although Neuhaus said that the bug is a couple months old, he said he was disclosing the vulnerability at this time to prompt a fix.

Mozilla is an open source development project originally begun by Netscape Communications, which is now part of AOL Time Warner. AOLTW has incorporated Mozilla technology into its Gecko Web rendering engine, which is used in the company's Netscape 7 browser.

No one from Mozilla was available to comment on the bug.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy