Netscape and Mozilla leak Web surfing data

Discussion in 'other security issues & news' started by Ghost, Sep 15, 2002.

Thread Status:
Not open for further replies.
  1. Ghost

    Ghost Guest

    http://news.zdnet.co.uk/story/0,,t269-s2122261,00.html

    A newly publicised flaw in Mozilla-based Web browsers allows servers to discover where visitors go after they leave the site

    Netscape and other Web browsers based on the Mozilla development project contain a bug that leaks users' Web surfing data, according to a new report.

    The bug reveals the URL of the page a user is viewing to the Web server of the site visited last. This allows a Web server to track where users go after they leave the site, even if the next Web address comes from a bookmark or is manually typed into the browser.
     
  2. FanJ

    FanJ Guest

    Hi Ghost,

    From that same page:

    "In the meantime, Neuhaus said the vulnerability can be worked around by switching off Javascript."
     
  3. Ghost

    Ghost Guest

    I went the other route.

    Navigated to:

    C/WINDOWS/Application Data/Mozilla/Profiles/Default User/9jadhtzp.slt (that'll vary, but it'll be an .slt extension), found prefs.js and 'opened' it with NotePad and inserted (by pasting it in at the bottom of the NotePad list, closing and saying 'Yes' to the 'Save changes?' question) the following line:

    user_pref("capability.policy.default.Window.onunload", "noAccess");

    exactly like that

    user_pref("capability.policy.default.Window.onunload", "noAccess");

    which stops the onunload handler from being activated.
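The edit described in the post above can be made repeatable and checkable. The following is an added example, not part of the original thread: it parses `user_pref` lines and adds the quoted preference only if it is missing or set to another value. The sample file contents and the command-line path argument are assumptions; run it with the browser closed, since Mozilla rewrites prefs.js when it exits.

```python
import re
import sys

# Preference name and value exactly as quoted in the post above.
PREF = "capability.policy.default.Window.onunload"
VALUE = '"noAccess"'

# One user_pref("name", value); line, the form used in prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\);\s*$')

# Constructed sample contents, for illustration only.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.enabled", true);
'''

def read_prefs(text):
    """Return {name: raw value} for every user_pref line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("name")] = m.group("value")
    return prefs

def _is_target(line):
    m = PREF_RE.match(line)
    return bool(m) and m.group("name") == PREF

def ensure_onunload_blocked(text):
    """Return (new_text, changed); a second run leaves the text unchanged."""
    if read_prefs(text).get(PREF) == VALUE:
        return text, False
    # Drop any line that sets the pref to a different value, then append ours.
    kept = [l for l in text.splitlines() if not _is_target(l)]
    kept.append('user_pref("%s", %s);' % (PREF, VALUE))
    return "\n".join(kept) + "\n", True

if __name__ == "__main__":
    path = sys.argv[1]  # assumption: path to prefs.js inside the .slt profile folder
    with open(path, encoding="utf-8") as fh:
        new_text, changed = ensure_onunload_blocked(fh.read())
    if changed:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(new_text)
    print("added" if changed else "already present")
```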
     
  4. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    :) Hi...

    Thanks for this interesting link.

    I opened Mozilla and tried (and passed) the test which is referred to in the above-mentioned article.

    I did it by following the third possible route, i.e. sticking with third-party software such as Proxomitron or WebWasher.

    These softs have been working hand in hand with any browser (IE, Opera and Mozilla) for a long time and solve this type of problem easily and systematically - whether the vulnerability is a new or ancient one.

    Rgds, Crockett :cool:
     