Modernizing Authentication — What It Takes to Transform Secure Access
Head researcher at Neopoly Sven Neuhaus said the bug, first discovered in May, is a serious privacy issue.
In a demonstration of the flaw, Neuhaus says it exposes the URL of the page a user is viewing to the Web server of the site visited last, allowing a Web site to track where a viewer goes next regardless of whether the URL is entered manually or via a bookmark.
"This bug is still present in the Mozilla 1.1 release... It's been three months," Neuhaus said in a plea for a fix on Bugzilla, the site used to track vulnerabilities in Mozilla releases.
Mozilla.org, the open source browser project backed by AOL Time Warner
, just released
the 1.1 upgrade to provide increased support for Linux and Mac platforms but
the privacy flaw remains in the upgrade, Neuhaus said.