IDG News Service - A "serious" privacy leak in Mozilla and other browsers based on the open-source technology, such as Netscape and Galeon, discloses users' Web surfing information, according to a recent report.
The Mozilla bug was reported on the Bugtraq mailing list last week by researcher Sven Neuhaus, who said the vulnerability reveals the URL of the page a Web surfer is visiting to the Web server of the last page the user visited. The bug affects Mozilla 1.0, 1.0.1 and 1.1 as well as Mozilla-based browsers such as Netscape 7 and Galeon, Neuhaus said. Older versions of Mozilla could also contain the bug, the researcher added.
According to the report, the vulnerability not only occurs for links followed on the page, but also for manually entered URLs and bookmarks. The problem originates in the HTTP requests that are launched from a page's "onunload" handler, Neuhaus said.
He added that although the bug is a couple of months old, he was disclosing the vulnerability at this time to prompt a fix.
Mozilla is an open-source development project originally begun by Netscape Communications Corp., which is now part of AOL Time Warner Inc. AOL Time Warner has incorporated Mozilla technology into its Gecko Web rendering engine, which is used in the company's Netscape 7 browser, among others.
A Mozilla representative wasn't immediately available to comment on the bug today.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
