OSVDB ID: 8323
Rating: TBD
Disclosure Date: Aug 5, 2004


The TBP extension to Mozilla Firefox contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a new tab is created and a URL is typed directly into the address bar. This tab will incorrectly inherit the URL of the previous tab as an HTTP referrer, even if there was no direct link to the new URL. This will disclose a user's previous browsing information which may include private web space, session information, or login/password information if contained in the referring URL.

Vulnerability Classification:



Upgrade to version 0.6.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the TBP extension.

External References:


main page ATTRITION feedback