You are here: Known Vulnerabilities in Mozilla Products (Firefox 220.127.116.11) > MFSA 2007-30
Mozilla Foundation Security Advisory 2007-30
Title: onUnload Tailgating
Announced: October 18, 2007
Reporter: Michal Zalewski
Products: Firefox, SeaMonkey
Fixed in: Firefox 18.104.22.168
Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit.