Mozilla "onunload" handler leaks URLs of Web pages
| mozilla-onunload-url-leak (10084) |  Low Risk |
Description:
Netscape could allow a remote attacker to obtain sensitive information, caused by a vulnerability in the handling of the JavaScript "onunload" handler. The JavaScript "onunload" handler launches URL requests with the HTTP_REFERER of the Web page a user is about to visit. A remote attacker in control of a malicious Web site could use this vulnerability to obtain URLs of the Web pages that a user visits after visiting the attacker's page.
Consequences:
Obtain Information
Remedy:
For Red Hat Linux:
Upgrade to the latest Mozilla package, as listed below. Refer to Red Hat Security Advisory RHSA-2002:192-13 for more information. See References.
Red Hat 7.2: 1.0.1-2.7.2 or later
Red Hat 7.3: 1.0.1-2.7.3 or later
Red Hat 8.0: 1.0.1-26 or later
For Conectiva Linux containing the mozilla package:
Upgrade to the latest mozilla package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:568 for more information. See References.
Conectiva Linux 6.0: 1.2.1-1U60_2cl or later
Conectiva Linux 7.0: 1.2.1-1U70_2cl or later
Conectiva Linux 8.0: 1.2.1-1U80_5cl or later
For Conective Linux 8.0 containing the galeon package:
Upgrade to the latest galeon package (1.2.7-1U80_5cl or later), as listed in Conectiva Linux Announcement CLSA-2003:568. See References.
As a workaround, disable JavaScript in your browser.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Wed Sep 11 2002 - 07:51:12 CDT: Privacy leak in mozilla.
- Conectiva Linux Security Announcement CLSA-2003:568: mozilla -- several vulnerabilities.
- Mozilla.org Bugzilla Bug 145579: Website can see url of page visited after it (document referer used when loading images with javascript is incorrect while loading a new page).
- BID-5694: Mozilla OnUnload Referer Information Leakage Vulnerability
- CVE-2002-1126: Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
- MDKSA-2002:074: Updated mozilla packages fix multiple vulnerabilities
- RHSA-2002-192: Updated Mozilla packages fix security vulnerabilities
- RHSA-2003-046: mozilla security update
Platforms Affected:
- Conectiva Linux 6.0
- Conectiva Linux 7.0
- Conectiva Linux 8.0
- MandrakeSoft Mandrake Linux 8.2 PPC
- MandrakeSoft Mandrake Linux 8.2
- Mozilla Mozilla 1.0
- Mozilla Mozilla 1.0.1
- Mozilla Mozilla 1.1
- Netscape Navigator 7.0
- RedHat Enterprise Linux 2.1 AS
- RedHat Linux 7.2
- RedHat Linux 7.3
- RedHat Linux 8.0
Reported:
Sep 11, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net