Closed Bug 1428786 Opened 6 years ago Closed 6 years ago

Link with target=_blank doesn't honor rel=noreferrer

Categories

(Firefox :: Untriaged, defect)

57 Branch
defect
Not set
normal

RESOLVED DUPLICATE of bug 1420702

People

(Reporter: antirais, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20180104112904

Steps to reproduce:

1. Create a page with the following link in the HTML:

<a href="https://www.whatsmyreferer.com/" target="_blank" rel="noreferrer">link</a>

2. Open the page and click on the link

Impact: sensitive data is leaked to a third-party domain via Referer header


Actual results:

Link is opened in new tab and Referer header is sent together with the link.


Expected results:

Referer header should not be sent, as specified in the HTML5 standard: https://html.spec.whatwg.org/multipage/links.html#linkTypes

This is a duplicate of bug 1426702, which in turn is a duplicate of bug 1420702. The former probably has more relevant information. None of those bugs are hidden, so there's probably no point keeping this hidden, either.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
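
The reproduction steps above can be run entirely on a local machine, so no page URL is sent to a third-party site while checking a browser build. The following is an added example, not part of the original report or of Firefox: it serves the same link markup and reports whether the link target received a Referer header. The `/echo` path, port 8000 and the `token` query value are constructed for illustration.

```python
import html
from http.server import BaseHTTPRequestHandler, HTTPServer

# Same markup as in the report, pointed at a local echo endpoint
# (assumption: /echo stands in for the third-party site).
PAGE = ('<!doctype html><title>noreferrer check</title>'
        '<a href="/echo" target="_blank" rel="noreferrer">link</a>')

# Referer values seen by /echo, in order; None means the header was absent.
seen = []

def verdict(referer):
    """Classify what the link target received."""
    if referer is None:
        return "PASS: no Referer header received"
    return "FAIL: Referer leaked: " + referer

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path.startswith("/echo"):
            referer = self.headers.get("Referer")
            seen.append(referer)
            # Escape before reflecting: the header is attacker-controllable.
            body = "<pre>" + html.escape(verdict(referer)) + "</pre>"
        else:
            body = PAGE
        data = body.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, fmt, *args):
        pass  # keep the console quiet; results are in `seen` and on the page

def make_server(port=0):
    # Bind to loopback only so the test page is not exposed on the network.
    return HTTPServer(("127.0.0.1", port), Handler)

if __name__ == "__main__":
    srv = make_server(8000)
    # The query string is a constructed secret that would show up in a leak.
    print("Open http://127.0.0.1:8000/page?token=constructed-secret "
          "and click the link")
    srv.serve_forever()
```

A browser that honors `rel=noreferrer` shows the PASS line in the new tab; one affected by the behavior reported here shows the page URL, including the constructed token.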