Closed
Bug 1428786
Opened 6 years ago
Closed 6 years ago
Link with target=_blank doesn't honor rel=noreferrer
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1420702
People
(Reporter: antirais, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID: 20180104112904 Steps to reproduce: 1. create page with following link in the HTML: <a href="https://www.whatsmyreferer.com/" target="_blank" rel="noreferrer">link</a> 2. open the page and click on on the link Impact: sensitive data is leaked to a third-party domain via Referer header Actual results: Link is opened in new tab and Referer header is sent together with the link. Expected results: Referer header should not be sent as specified in HTML5 standard: https://html.spec.whatwg.org/multipage/links.html#linkTypes
Comment 1•6 years ago
|
||
This is a duplicate of bug 1426702, which in turn is a duplicate of bug 1420702. The former probably has more relevant information. None of those bugs are hidden, so there's probably no point keeping this hidden, either.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•