Bug 729475 (Closed)
Opened 12 years ago
Closed 12 years ago
Firefox 10.0.X : Navigation away from a page with multiple active <select> dropdown menu can be used for Spoofing And ClickJacking with XPI using location.href and geolocalisation
Categories: Firefox :: Untriaged, defect
Status: RESOLVED DUPLICATE of bug 726264
People: Reporter: jordi.chancel, Unassigned
Whiteboard: [sg:dupe 726264]
Attachments: 1 file (41.03 KB, application/octet-stream)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Build ID: 20120215223356

Steps to reproduce:
Like bug 575294, Firefox 10.0.1 shows the dropdown menu for <select> elements as an always-on-top chromeless window. It also allows arbitrary HTML content to be rendered in the <option> elements within the <select>. With location.href and geolocation we can cover a Java Applet or an XPI for evil.

Actual results:
This bug demonstrates that an attacker can cover a Java Applet or an XPI for evil. I think this issue is critical.
Comment 1•12 years ago
Is the underlying issue here any different from that in bug 726264?
Comment 2•12 years ago (Reporter)
Al Billings wants me to report this because it uses another JavaScript function (location.href / not window.open)!
Comment 3•12 years ago
(In reply to Jordi Chancel from comment #2)
> Al Billings wants me to report this because it uses another JavaScript
> function (location.href / not window.open)!

Okay :) I'll Cc the developers from the other bug so they can check if there's a different problem here or just another manifestation of the same problem (I cannot really judge that).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•12 years ago
The method used to trigger the navigation is irrelevant to the floating select issue.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 726264]
Updated•9 years ago (Reporter)
Alias: -CVE-2012-3984-
Updated•9 years ago (Reporter)
Alias: -CVE-2012-3984-
Updated•9 years ago
Group: core-security → core-security-release
Updated•8 years ago
Group: core-security-release