You are here: Known Vulnerabilities in Mozilla Products (Firefox 2.0.0.8) > MFSA 2007-30

Mozilla Foundation Security Advisory 2007-30

Title: onUnload Tailgating
Impact: Low
Announced: October 18, 2007
Reporter: Michal Zalewski
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.8
  SeaMonkey 1.1.5

Description

Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit.

References