Ignore my previous comment.
Why is that an insecure situation, exactly?
According to the reference (RFC 2616 15.1.3), "Because the source of a link might be private information or might reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent." (e.g., you don't want to publish the location of a file on your local hard drive, AIUI)
Yes, but we already have a pref to control this, and a file:// referrer will NEVER get sent to an http:// URI, no matter what the pref setting is. So the question remains, why is this a security-sensitive situation any more than any other window.open() call? Note that not sending referrer on window.open in general _will_ break sites.
(In reply to comment #3)
> Why is that an insecure situation, exactly?
I don't yet know, I'm still thinking about that... we should ask Microsoft ;)
But it sends it on <a href="" target="_blank">? In short, I just see a bug in IE, not a security issue in Mozilla...
*** Bug 283619 has been marked as a duplicate of this bug. ***
*** Bug 359851 has been marked as a duplicate of this bug. ***