Mozilla Foundation Security Advisory 2015-49

Referrer policy ignored when links opened by middle-click and context menu

Announced: May 12, 2015
Reporter: Alex Verstak
Impact: Low
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 38
  • SeaMonkey 2.35

Description

Security researcher Alex Verstak reported that <meta name="referrer"> is ignored when a link is opened through the context menu or with a middle-click. As a result, in some situations the referrer policy is not applied when links are opened in new tabs, and some pages may be opened without the HTTP Referer header being set according to the author's intended policy.
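
A way to check for the behaviour described above, as an added example that is not from the advisory or from Mozilla: it computes the Referer a navigation should carry under a given policy and flags the ways of opening a link whose logged Referer differs. Policy names are those of the W3C Referrer Policy specification; the function names, URLs and logged observations are constructed for illustration.

```javascript
// Added example: expected Referer under a referrer policy (W3C Referrer Policy names).
// Simplification (assumption): "downgrade" is treated as https -> non-https.
function isDowngrade(from, to) {
  return from.protocol === 'https:' && to.protocol !== 'https:';
}

// Referrers never carry credentials or fragments; originOnly also drops path and query.
function stripped(url, originOnly) {
  return originOnly ? url.origin + '/' : url.origin + url.pathname + url.search;
}

function expectedReferer(policy, fromHref, toHref) {
  const from = new URL(fromHref);
  const to = new URL(toHref);
  const sameOrigin = from.origin === to.origin;
  const down = isDowngrade(from, to);
  switch (policy) {
    case 'no-referrer': return null;
    case 'no-referrer-when-downgrade': return down ? null : stripped(from, false);
    case 'same-origin': return sameOrigin ? stripped(from, false) : null;
    case 'origin': return stripped(from, true);
    case 'strict-origin': return down ? null : stripped(from, true);
    case 'origin-when-cross-origin': return stripped(from, !sameOrigin);
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return stripped(from, false);
      return down ? null : stripped(from, true);
    case 'unsafe-url': return stripped(from, false);
    default: throw new Error('unknown policy: ' + policy);
  }
}

// Return the ways of opening the link whose logged Referer does not match the policy.
function findViolations(policy, fromHref, toHref, observations) {
  const want = expectedReferer(policy, fromHref, toHref);
  return observations
    .filter((o) => (o.referer || null) !== want)
    .map((o) => o.openedBy);
}

// Constructed test data: a page declaring policy "origin" and what a test server
// logged for one link opened three ways by a browser that ignores the policy.
const PAGE = 'https://a.example/inbox?q=secret#msg1';
const LINK = 'https://b.example/landing';
const SAMPLE = [
  { openedBy: 'left-click', referer: 'https://a.example/' },
  { openedBy: 'middle-click', referer: 'https://a.example/inbox?q=secret' },
  { openedBy: 'context-menu', referer: 'https://a.example/inbox?q=secret' },
];
console.log(findViolations('origin', PAGE, LINK, SAMPLE));
```

Running the same comparison against logs from a fixed build (Firefox 38, SeaMonkey 2.35) should return an empty list for every way of opening the link.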
