
Mozilla OnUnload Referer Information Leakage Race Condition Information Disclosure (deprecated)

Medium

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of the Mozilla browser whose implementation of the JavaScript "onUnload" event handler can leak sensitive information to websites. When other pages are launched using the event handler, the vulnerable client places the address of the next page that is visited in the HTTP Referer field. The correct behavior is to include the address of the previously visited page in the HTTP Referer field. Using this handler, a web page can cause the browser to leak information about the next page that was visited.

Solution

Upgrade to the latest version of Mozilla.