Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2008-16

HTTP Referrer spoofing with malformed URLs

Announced
March 25, 2008
Reporter
Gregory Fleischer, RSnake
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 2.0.0.13
  • SeaMonkey 1.1.9

Description

Security researcher Gregory Fleischer demonstrated a problem with the HTTP Referer: (sic) header sent with requests to URLs containing Basic Authentication credentials with empty usernames. In these cases a number of leading characters, based on the length of the password in the URL, are removed from the referrer hostname. Fleischer pointed out that websites which only check the Referer: header to protect against Cross-Site Request Forgery (CSRF) could be attacked using this flaw. This concept was based on and expanded from a post to the sla.ckers.org forum by security researcher RSnake.

References