ZDNet:  Reviews | Downloads | Tech Update | Prices
Page OneApplicationsNetworkingeBusinessHardwareCommentary



Networking


Mozilla bug leaks Web surfing data
By Matthew Broersma
Special to ZDNet News
September 16, 2002, 5:06 AM PT
TalkBack!

Netscape and other Web browsers based on the Mozilla development project contain a bug that leaks people's Web surfing data, according to a new report.

The bug reveals the URL of the page someone is viewing to the Web server of the site last visited. This allows a Web server to track where people go after they leave the site, even if the next Web address comes from a bookmark or is manually typed into the browser.

Researcher Sven Neuhaus, who published a security alert on Wednesday about the issue to the Bugtraq mailing list, said he had confirmed the bug in Mozilla 1.0, 1.0.1 and 1.1, though it probably also existed in older Mozilla versions. It also appears in browsers based on Mozilla's technology, including Netscape 7 and Galeon, a Linux application, he said.
Click Here.

Mozilla is an open-source project initiated by Netscape Communications, now part of AOL Time Warner, to foster volunteer interest in its browser technology. Mozilla's features and its Gecko rendering engine are now used in the Netscape 7 commercial software from AOL Time Warner.

The problem lies with a component called "onunload," Neuhaus said. He created a demonstration exploiting the bug, which he said is several weeks old, hoping to prompt Mozilla developers to deliver a fix.

In the meantime, Neuhaus said the vulnerability can be worked around by switching off JavaScript.


E-mail this story! Printer Friendly

Also on ZDNet
Find the tech gear you need in CNET's Back to School guide.
Get ahead of the competition with the BizTech Library.
Improve your PC's performance with the Memory Configurator.
Don't miss up-to-the-minute IT commentary on TechRepublic's blog.
Laid off? Find a new IT job today in our Career Center.


 TalkBack: Post your comment here
       Re: Mozilla bug leaks Web surfing data  Don Jackson

       Re: Mozilla bug leaks Web surfing data  Loverock Davidson

       Re: Mozilla bug leaks Web surfing data  Robert Crocker

       Re: Mozilla bug leaks Web surfing data  Dan Fields

       Re: Mozilla bug leaks Web surfing data  ph 3W7

       Re: Mozilla bug leaks Web surfing data  Don Jackson

       Re: Mozilla bug leaks Web surfing data  Zig Ziggy

       Re: Mozilla bug leaks Web surfing data  Dan Fields

       Where are all the post's? Oh, this isn't a MS bug.  Tim Taylor

       Re: Where are all the post's? Oh, this isn't a MS   Andy Placeres

       Re: Where are all the post's? Oh, this isn't a  Christopher Williams

       Re: Where are all the post's? Oh, this isn't a MS   ph 3W7

       Re: Where are all the post's? Oh, this isn't a MS   Stewart Cannon

       Re: Where are all the post's? Oh, this isn't a  John O'Grady

       Re: Where are all the post's? Oh, this isn't a  ph 3W7

       Re: Where are all the post's? Oh, this isn't a MS   steve mcgrew

       Tim, your day in the Sun, make it a good one  thomas drazul

       Re: Tim, your day in the Sun, make it a good one  Tim Taylor

       Re: Tim, your day in the Sun, make it a good one  Tony Soprano

       Re: Tim, your day in the Sun, make it a good one  Brian Hartman

       Re: Tim, your day in the Sun, make it a good one  Yagotta B. Kidding

       Re: Where are all the post's? Oh, this isn't a MS   Travis Prebble

       Re: Where are all the post's? Oh, this isn't a MS   thomas drazul

       Silly is the report, sillier is the article.  Yoda *.

       Re: Silly is the report, sillier is the article.  steve mcgrew

       Re: Mozilla bug leaks Web surfing data  Tony Soprano

       Re: Mozilla bug leaks Web surfing data  James Allen

       Re: Mozilla bug leaks Web surfing data  Giordano Sagrati

       Re: Mozilla bug leaks Web surfing data  Costin Cozan

       Re: Mozilla bug leaks Web surfing data  James Allen


 Search


 
 Tech Update

Coordinating a disaster plan

WLAN with no plan spells failure

Are you ready for "active networking?"

More networking analysis...
 News in Brief

Vodafone mulls French mobile phone operator  10:07AM

France Tel investors await cash call  08:53AM

WorldCom cuts international jobs  07:42AM

AT&T clamps down on multiple IP addresses  06:13AM

Cuba goes online to refute terror charge  04:54AM

More...

 Commentary

RASH RASH
Read Tech Update's expert on security and networking More...

More Commentary...


ZDNet Tech Update
Featured Resource Centers
Sybase:
Request for more info, Whitepapers and more.
Gateway:
Hardware, Products and more.

 News Tools

 News Archives

 News in Brief

 News for your PDA

 Contact Us

 Corrections
Newsletters
Tech Update Today
Security Update
OS Update




All newsletters
FAQ
Manage my newsletters


ZDNet 		Services: Cybersecurity Report | Hosting Providers | IT Resources | CNET Back to School Guide | Tech Jobs

      CNET Networks: Builder | CNET | GameSpot | mySimon | TechRepublic | ZDNet
 About CNET Networks 

About Us | Feedback | Your Privacy | Service Terms | Advertise | ZDNet Jobs		  
Copyright © 2002 CNET Networks, Inc. All rights reserved. ZDNet is a registered service mark of CNET Networks, Inc. ZDNet Logo is service mark of CNET Networks, Inc.