Closed Bug 265267 Opened 20 years ago Closed 20 years ago

[Secunia ] - Links opened in new tab from malicious site can steal form info across tabs

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 262887

People

(Reporter: patrick.hendriks+bugzilla, Assigned: dveditz)

References

(
URL
)

Details

Inactive tabs can gain focus from form fields on web sites in another tab. This can potentially be exploited to collect sensitive data entered in form fields on other web sites. Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new tab.
most of this can be tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=124750 In quickly running the secunia test case its not clear to me which window hosts that intermediate dialog window... does anyone know? I don't see any focus stealing or keystroke interception from the citibank page itself using the latest firefox 1.0 candidate builds.
*** This bug has been marked as a duplicate of 262887 ***
Group: security
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.