Mozilla Foundation Security Advisory 2007-30

2007-10-23T00:00:00
ID SECURITYVULNS:DOC:18257
Type securityvulns
Reporter Securityvulns
Modified 2007-10-23T00:00:00

Description

Mozilla Foundation Security Advisory 2007-30

Title: onUnload Tailgating Impact: Low Announced: October 18, 2007 Reporter: Michal Zalewski Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description

Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=371360
* CVE-2007-1095