Closed Bug 359060 Opened 18 years ago Closed 18 years ago

Firefox leaks privacy information when handling feeds

Categories

(Firefox Graveyard :: RSS Discovery and Preview, defect)

Product:
Firefox Graveyard
Component:
RSS Discovery and Preview
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 358878

People

(Reporter: joh_walt, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060811 Minefield/3.0a1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060811 Minefield/3.0a1

Jared Breland reports in http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215 that Firefox transmits private informations to Google when to decide how to handle Web feeds. Information on what feed you're watching is transmitted to Google in the Referer when retrieving the icon for the Web Service Icon.
At this point also Google can also set a cookie (depending on the browsers cookie preferences) to associate this information with further ones (maybe a login to one of their services).

heise news reports on that in http://www.heise-security.co.uk/news/80310 and adds, that this behaviour is also valid for Yahoo!

This is a privacy leak that should be closed. One can argue about the need to retrieve Google's icon every time, but it's absolutely not necessary to send the referer.

Reproducible: Always

*** This bug has been marked as a duplicate of 358878 ***
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Verified Duplicate.
Status: RESOLVED → VERIFIED
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.