Closed Bug 284843 Opened 20 years ago Closed 20 years ago

referrer information leakage using goto-url-newtab

Categories

(Other Applications :: ChatZilla, defect)

Product:
Other Applications
Component:
ChatZilla
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 263216
Milestone:
mozilla1.3final

People

(Reporter: chatzilla, Assigned: rginda)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1

When using goto-url-newtab, the URL of the active tab is sent as the referrer to
the page being opened. Tested this by opening new tabs from withing FF and from
other 3rd party apps. They all give blank referrers. goto-url-newwin also gives
a blank referrer. using 0.9.67

Reproducible: Always

Steps to Reproduce:
1. Open a tab or series of tabs in FF 1.0.1
2. Middle-click (or right click and choose open in new tab) any link in
chatzilla for which you can read the referrer logs on.
3. Watch the URL of the *active* tab be listed as the referrer URL.
This is a firefox bug.  Nothing we can do about it.  This almost certainly a dup
as well.
OS: Linux → All
Hardware: PC → All
Security bug my arse. Get it out that group *now*.

This is a dup of bug 263216 comment 4, which explains the problem quite clearly.

*** This bug has been marked as a duplicate of 263216 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
CC list accessible: false
Not accessible to reporter
This is, in fact, a security issue; it was not inappropriate for the reporter to
flag it as such. As it turns out we prefer to leave this kind of minor privacy
leak out in the open, especially since it's not attacker controlled, but there's
no call for the harsh language.
Target Milestone: --- → mozilla1.3final
You need to log in before you can comment on or make changes to this bug.