Okay the mozilla privacy leak has been getting a *lot* of press. The
latest nightlies have the patch. But if you can't run the unstable
version here are a few work arounds. 

This is the preferred work around. 

add the following lines to all your *.js (esp user.js) files
user_pref("capability.policy.default.Window.onunload", "noAccess");

This one works 
Add the following line to your user.js file
user_pref("network.http.sendRefererHeader", 0); 

Note this has some side effects on the server side. 

However of course the best thing to do is either grab the nightly or if
you're compiling your own version of mozilla get the patch from bug
145579. I expect Netscape will soon come out for a easy installer for
their version of mozilla (though I haven't actally heard this). The work
arounds should work for any version of Mozilla however. 

Carl Parrish



http://www.idg.net/go.cgi?id=742403