Bugtraq mailing list archives

ie4 messes around with referrer-string


From: meinbugtraq () GMX NET (bungle)
Date: Sun, 20 Dec 1998 09:49:28 -0500


After seeing the posts about the ValueClick posts,
I think an ie4-"feature" I just found annoying may
in fact be security related.

description: when opening a url in a new window and
continuing with a bookmark back in the old window,
ie4 permanently sends the url of the new window
as referrer-string in the old window.

- tested with ie 4.01 german (just on one win95 system).

The short description is a little bit confusing, so step by step:
REMARK: hostA, hostB are just dummy names!

1) start ie
2) goto www.hostA.com (typing the url in ie4)
3) open a url from hostA in new-window, for example www.hostA.com/index2.htm
4) change back to first ie-window, and - via bookmark - goto www.hostB.com.
   hostB has a link on it where it shows the referrer
   (i.e. via javascript : document.referrer)
5) click the link on hostB, it _should_ give 'www.hostB.com' as referrer,
   but it shows 'www.hostA.com/index2.htm'.

I have no www-site at hand, but for easy testing set up a local
webserver (for hostB) and use this short file:


<html>
<head>
<script>
// Return the referrer the browser reports for this page
function getReferrer() {
  return document.referrer;
}
</script>
</head>
<body>
<script>
document.write("referrer: ", getReferrer());
</script>
</body>
</html>


Other observations:
This behavior persists for more than one click on www.hostB.com; you
may reload the page or walk around at hostB, and the false referrer
is always delivered.
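
The server side of the test described above, as an added example that is not part of the original post: it classifies the Referer header arriving at hostB and flags requests for a link-only page whose referrer is not one of hostB's own pages. The `/show.htm` path, port 8080 and the sample requests are constructed for illustration.

```javascript
// Added example: classify the Referer header hostB's server receives.
// Host names are the post's dummies; /show.htm and SAMPLE are constructed.
const LINK_ONLY = new Set(['/show.htm']); // pages reached only via a link on hostB

function classifyReferer(headers, ownHost) {
  const raw = headers.referer; // the HTTP header is spelled "referer"
  if (!raw) return 'none';
  try {
    return new URL(raw).hostname === ownHost.toLowerCase() ? 'own-host' : 'foreign';
  } catch {
    return 'malformed';
  }
}

// Requests for link-only pages whose Referer is not one of hostB's own pages.
function findUnexpectedReferers(requests, ownHost) {
  return requests
    .filter((r) => LINK_ONLY.has(r.url) && classifyReferer(r.headers, ownHost) !== 'own-host')
    .map((r) => ({ url: r.url, referer: r.headers.referer || null }));
}

const SAMPLE = [
  { url: '/', headers: {} }, // step 4: arrived via bookmark
  { url: '/show.htm', headers: { referer: 'http://www.hostB.com/' } }, // expected in step 5
  { url: '/show.htm', headers: { referer: 'http://www.hostA.com/index2.htm' } }, // as reported
];

// With --serve, log the same classification for a real browser on 127.0.0.1:8080.
if (process.argv.includes('--serve')) {
  import('node:http').then((http) => {
    http.createServer((req, res) => {
      const path = req.url.split('?')[0];
      const ownHost = (req.headers.host || '').split(':')[0];
      console.log(path, classifyReferer(req.headers, ownHost), req.headers.referer || '-');
      res.setHeader('Content-Type', 'text/html');
      res.end(path === '/show.htm'
        ? '<script>document.write("referrer: ", document.referrer)</script>'
        : '<a href="/show.htm">show referrer</a>');
    }).listen(8080, '127.0.0.1');
  });
} else {
  console.log(findUnexpectedReferers(SAMPLE, 'www.hostB.com'));
}
```

Comparing the server log with what the page prints shows whether the URL from the other window actually left the browser in the request header or only appears in `document.referrer`.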


