Mozilla OnUnload Referer Information Leakage Race Condition Information Disclosure (deprecated)

Medium Nessus Network Monitor Plugin ID 1316

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of the Mozilla browser that has a problem in its implementation of the JavaScript "onUnload" event handler that has the potential to leak sensitive information to websites. When other pages are launched using the event handler, the vulnerable client encapsulates the address of the next page that is visited in the HTTP referer field. The correct behavior is to include the address of the previously visited page in the HTTP referer field. Using this handler, a webpage can cause the browser to link information about the next page that was visited.

Solution

Upgrade to the latest version of Mozilla.

Plugin Details

Severity: Medium

ID: 1316

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/01/21

Dependencies: 1330

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

CVE: CVE-2002-1126

BID: 5694