Friday, May 14, 2021

Mozilla Flaw Springs Privacy Leak

Researchers have found a flaw in Mozilla-based browsers that springs data on
the Web surfing movements of users.

Head researcher at Neopoly Sven Neuhaus said the bug, first discovered
in May, is a serious privacy issue.

In a demonstration of
the flaw, Neuhaus says it exposes the URL of the page a user is viewing to
the Web server of the site visited last, allowing a Web site to track where
a viewer goes next regardless of whether the URL is entered manually or via
a bookmark.

“This bug is still present in the Mozilla 1.1 release… It’s been three
months,” Neuhaus said in a plea for a fix on Bugzilla, the site used to
track vulnerabilities in Mozilla releases.

It affects Mozilla browser versions 0.9x, 1.0, 1.0.1, 1.1 and 1.2 alpha;
Netscape 6.x and 7; Galeon 1.2.x and Chimera 0.5.

Mozilla users are urged to disable JavaScript as a temporary workaround
until a fix is issued. The flaw exists in the “onunload” handler which
loads an image from the referring server about a user’s surfing movements.

In addition to disabling JavaScript, users can avoid the bug by creating a
file “user.js” in the profile folder (the one with the pref.js file) and put
the following line in the file:
user_pref(“capability.policy.default.Window.onunload”, “noAccess”);

This stops the “onunload” handler from being activated., the open source browser project backed by AOL Time Warner
, just released
the 1.1 upgrade to provide increased support for Linux and Mac platforms but
the privacy flaw remains in the upgrade, Neuhaus said.

Similar articles

Latest Articles

Database-Tuning Platform Launches and...

PITTSBURGH — A team out of Carnegie Mellon University is launching its automatic database-tuning product today with the help of $2.5 million in funding.   OtterTune,...

Top 10 Professional Services...

Professional services automation (PSA) software aims to offer service-based companies most of the software they will need to run their businesses in one package....

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...

Dell APEX: Our...

One of the missteps IBM made last century was collapsing their sales model, which was services based, to generate a short-term revenue spike. Up...