Open Bug 151438 Opened 22 years ago Updated 4 years ago

Dragging a link does not send referer

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect, P5)

x86
Windows XP
defect

People

(Reporter: jruderman, Unassigned)

1. Load http://nastyarea.bigfast.net/te277/.
2. Drag one of the image links into another Mozilla window.

No referer is sent, so the link gives a 403-forbidden error.
Keywords: dataloss
Blocks: 61660
qa contact -> pmac
QA Contact: tpreston → pmac
By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and <http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss bugs are of critical or possibly higher severity. Only changing open bugs to minimize unnecessary spam. Keywords to trigger this would be crash, topcrash, topcrash+, zt4newcrash, dataloss.
Severity: minor → critical
Dragging a link (e.g. to about:config) also fails to check whether the page is allowed to link to the URL.
Brant, care to explain why this bug is marked critical? I don't even think the "dataloss" keyword is justified. Relying on HTTP_REFERER for authentication (as suggested by Jesse) is a Bad Idea. Btw, the example URL now redirects to a hardcore site. Is it supposed to?
The original URL was a porn site. It is now gone. Try a link to http://www.delorie.com:81/some/url.html instead. Not dataloss, so not critical. By the way, I didn't suggest using referer, nor do porn sites use the referer to authenticate users. Porn sites use the referer to make sure other sites don't embed their images.
Severity: critical → minor
Keywords: dataloss
Assignee: bross2 → nobody
QA Contact: pmac
QA Contact: drag-drop
Dragging is a shortcut for copy-paste-go, so expect the behavior to be the same.

Bulk-downgrade of unassigned, >=5 years untouched DOM/Storage bugs' priority and severity.

If you have reason to believe this is wrong, please write a comment and ni :jstutte.

Severity: minor → S4
Priority: -- → P5