• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Netscape 'document.referrer' User Information Disclosure Vulnerability

Certain versions of Netscape use a specific URL scheme for 'document.referrer' information. The URL conatins the path to the user's mail folder, system login credentials and possibly the path to the location where Netscape resides.

If a mail message containing a link to a website is read using Netscape, upon clikcing on the link, Netscape may send the 'document.referrer' URL in the scheme which will divulge privileged information. This is dependant on the target website. If the website has implemented the 'document.referrer' feature, certain versions of Netscape will return the user's mail folder, system login credentials and possibly the path to the location where Netscape resides.