Closed Bug 376629 Opened 17 years ago Closed 17 years ago

Attacker can simulate drag + drop

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
2.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 329385

People

(Reporter: pvnick, Unassigned)

Details

(Whiteboard: [sg:dupe 329385])

Attachments

(1 file)

double-clicking a webpage item can cause xss
1.46 KB, text/html
Details 
Using window.moveBy, moveTo, resizeBy, and resizeTo, an attacker can simulate a user dragging and dropping an item.

Expected results:
Drag and drop should be user-driven only

Actual results:
Script can cause drag and drop

Example:
<a href="http://google.com" onmousedown="window.moveBy(1,1)">mouse down</a>
Notice that the cursor changes to reflect a drag+drop. This bug can be  made more dangerous when combined with another bug, as shown in the attachment
Whoops, already submitted this awhile ago.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 329385]
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: