Mozilla OnUnload Referer Information Leakage Race Condition Information Disclosure (deprecated)

low Nessus Network Monitor Plugin ID 1316

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of the Mozilla browser whose implementation of the JavaScript "onUnload" event handler can leak sensitive information to websites. When other pages are launched using the event handler, the vulnerable client places the address of the next page that is visited in the HTTP Referer field. The correct behavior is to include the address of the previously visited page in the HTTP Referer field. Using this handler, a webpage can cause the browser to leak information about the next page that is visited.

Solution

Upgrade to the latest version of Mozilla.

Plugin Details

Severity: Low

ID: 1316

Family: SMTP Clients

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

CVE: CVE-2002-1126

BID: 5694