Mozilla Foundation Security Advisory 2006-75

RSS Feed-preview referrer leak

Announced

December 19, 2006

Reporter

Jared Breland

Impact

Low

Products

Firefox

Fixed in

Firefox 2.0.0.1

Description

Jared Breland reported on LEGROOM.net that when the new "Feed Preview" feature in Firefox 2.0 retrieves the icons of the installed web-based feed viewers it is potentially informing those services of your feed-browsing habits by sending the URL of the feed in a referrer header with each icon request.

This was an oversight and has been fixed in Firefox 2.0.0.1

Workaround

Upgrade to Firefox 2.0.0.1

References

LEGROOM.net blog
https://bugzilla.mozilla.org/show_bug.cgi?id=358878
CVE-2006-6506

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising