Mozilla Foundation Security Advisory 2006-75

RSS Feed-preview referrer leak

Announced

December 19, 2006

Reporter

Jared Breland

Impact

Low

Products

Firefox

Fixed in

Firefox 2.0.0.1

Description

Jared Breland reported on LEGROOM.net that when the new "Feed Preview" feature in Firefox 2.0 retrieves the icons of the installed web-based feed viewers it is potentially informing those services of your feed-browsing habits by sending the URL of the feed in a referrer header with each icon request.

This was an oversight and has been fixed in Firefox 2.0.0.1

Workaround

Upgrade to Firefox 2.0.0.1

References

LEGROOM.net blog
https://bugzilla.mozilla.org/show_bug.cgi?id=358878
CVE-2006-6506

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice