Closed
Bug 322216
Opened 19 years ago
Closed 19 years ago
Meta-Refresh redirection does not send referer
Categories
(Firefox :: General, defect)
RESOLVED
DUPLICATE
of bug 266554
People
(Reporter: cv2pf6ip50, Unassigned)
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Build Identifier:
When a user views a page that contains the meta tag for automatic redirection, he/she is redirected (after specified timeout) but Firefox clears the referring URL (referer).
SECURITY IMPLICATIONS:
This can be used by malevolent people to clear referers. For example, they can steal bandwidth from other sites (and the webmaster of the "robbed" site won't be able to find out where the hot-linked traffic is coming from). They only need to link to a page with zero URL refresh timeout hosted on their server. This page will redirect for example to a zip file download on the server of the victim. (This has in fact happened to us.)
The following is the tag that is used for meta refresh redirection:
<meta http-equiv="Refresh" content="1; url=http://www.example.com/example.zip">
Maybe this report should be kept confidential so that people don't start to exploit it.
Reproducible: Always
Actual Results:
Referer was not passed (was cleared).
Expected Results:
The browser should send the URL of the page from which the user is redirected.
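Added example, not part of the original report: because a refresh-based redirect arrives with no Referer, a site owner can still look in the access log for downloads that have neither an on-site Referer nor an earlier page view from the same client. The host name in OWN_HOSTS, the .zip extension list, the 30-minute window, the Combined Log Format and the sample lines are assumptions constructed for illustration; client IP is a coarse identity (NAT, proxies).

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumptions for this sketch: site host name, protected extensions, visit window.
OWN_HOSTS = {"www.example.com"}
DOWNLOAD_EXT = (".zip",)
WINDOW = timedelta(minutes=30)
# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2006:10:00:01 +0000] "GET /downloads.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2006:10:00:09 +0000] "GET /example.zip HTTP/1.1" 200 900000 "http://www.example.com/downloads.html" "Mozilla/5.0"
203.0.113.20 - - [10/Jan/2006:10:02:00 +0000] "GET /example.zip HTTP/1.1" 200 900000 "-" "Mozilla/5.0"
203.0.113.21 - - [10/Jan/2006:10:02:05 +0000] "GET /example.zip HTTP/1.1" 200 900000 "" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2006:10:05:00 +0000] "GET /example.zip HTTP/1.1" 200 900000 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Jan/2006:10:06:00 +0000] "GET /example.zip HTTP/1.1" 200 900000 "http://other.example.net/page" "Mozilla/5.0"
"""

def find_unattributed_downloads(log_text):
    """Return (client, path, reason) for downloads with no on-site origin."""
    last_page_view = {}  # client -> time of its latest non-download request
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        client, path, referer = m["host"], m["path"], m["referer"]
        if not path.split("?")[0].lower().endswith(DOWNLOAD_EXT):
            last_page_view[client] = ts
            continue
        if referer in ("", "-"):
            # A missing Referer alone proves nothing; look for an earlier visit.
            seen = last_page_view.get(client)
            if seen is None or ts - seen > WINDOW:
                findings.append((client, path, "no referer, no prior page view"))
        elif urlparse(referer).hostname not in OWN_HOSTS:
            findings.append((client, path, "off-site referer: " + referer))
    return findings

if __name__ == "__main__":
    for finding in find_unattributed_downloads(SAMPLE_LOG):
        print(*finding, sep="\t")
```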
Comment 1•19 years ago
*** This bug has been marked as a duplicate of 266554 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Comment 2•19 years ago
This is already widely "exploited", and it's a dup of a public bug, so making public.
Group: security
Reporter
Comment 3•19 years ago
(In reply to comment #2)
> This is already widely "exploited", and it's a dup of a public bug, so making
> public.
Yes, certainly by giving it even more publicity the number of exploits can only go down. Gee.