Mozilla Firefox May Disclose RSS Feed URLs to Remote Systems
|
|
SecurityTracker Alert ID: 1017421
|
|
SecurityTracker URL: http://securitytracker.com/id?1017421
|
|
CVE Reference: CVE-2006-6506
(Links to External Site)
|
Date: Dec 20 2006
|
Impact: Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Mozilla Foundation Security Advisory
|
Version(s): 2.0
|
Description: A vulnerability was reported in Mozilla Firefox. A remote user may be able to obtain information about which feeds a target user is subscribed to.
When the new 'Feed Preview' feature of Firefox 2.0 retrieves icons for the installed web-based feed viewers, the browser may send
the URL of the feed in a referrer header with each icon request.
Jared Breland reported this vulnerability.
|
Impact: A remote user hosting web-based feed viewers may be able to obtain information about which feeds a target user is subscribed to.
|
Solution: The vendor has issued a fixed version (2.0.0.1).
The Mozilla advisory is available at:
http://www.mozilla.org/security/announce/2006/mfsa2006-75.html
|
Vendor URL: www.mozilla.org/security/announce/2006/mfsa2006-75.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 20 Dec 2006 00:08:12 -0500
Subject: http://www.mozilla.org/security/announce/2006/mfsa2006-75.html
|
CVE-2006-6506
|
|
