Head researcher at Neopoly Sven Neuhaus said the bug, first discovered in May, is a serious privacy issue.
In a demonstration of the flaw, Neuhaus says it exposes the URL of the page a user is viewing to the Web server of the site visited last, allowing a Web site to track where a viewer goes next regardless of whether the URL is entered manually or via a bookmark.
"This bug is still present in the Mozilla 1.1 release... It's been three months," Neuhaus said in a plea for a fix on Bugzilla, the site used to track vulnerabilities in Mozilla releases.
It affects Mozilla browser versions 0.9x, 1.0, 1.0.1, 1.1 and 1.2 alpha; Netscape 6.x and 7; Galeon 1.2.x and Chimera 0.5.
Mozilla.org, the open source browser project backed by AOL Time Warner
, just released
the 1.1 upgrade to provide increased support for Linux and Mac platforms but
the privacy flaw remains in the upgrade, Neuhaus said.