Mozilla Privacy Bug
Saturday September 14th, 2002
Yesterday, ZDNet UK News reported that Mozilla has a privacy flaw involving HTTP referers. The flaw can be exploited using the
The bug was filed in Bugzilla as bug 145579 on Sunday 19th May, with the more serious
UPDATE! Bug 145579 has now been made public.
ANOTHER UPDATE! A fix has been checked in to the trunk. A patch for the 1.0 branch will follow shortly.
YET ANOTHER UPDATE! A patch has now been checked in to the 1.0 branch.
#1 Not good, but . . .
Saturday September 14th, 2002 1:54 PM
You are replying to this message
IMO, as far as security/privacy vulnerabilities go, this one is fairly minor. Ideally, the only users of Mozilla based browsers affected by this bug that need to be worried about it, are those that would generally visit site with questionable or illegal content, like porn, warez, pirated music files, paedophilia . . . etc. If, like most people, you don't visit any such sites when using a Mozilla based browser affected by this flaw, you have very little to worry about. I imagine this will likely be patched in a forthcoming Mozilla nightly, and perhaps Chimera will step up to version to 0.5.1 or 0.6. As for Netscape, I'm not so sure. Would they really offer a v7.01 revision of their recent major release, or shrug it off until the next big release. Ideally, as this as come to light so soon after Netscape has released their new v7.0 browser, then as soon as there a fix for this bug, Netscape ought to make available to their users as an XPI that can be applied directly, rather than forcing users to re-download a complete new version of the entire browser package.