Closed Bug 266357 Opened 20 years ago Closed 20 years ago

javascript dialogs can be spoofed with inactive tabs

Tracking

()

Status:

VERIFIED DUPLICATE of bug 262887

People

(Reporter: tonglebeak, Assigned: bugs)

References

(
URL
)

Details

Aaron Slunt

Reporter

Description

•

20 years ago

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1

Follow the link supplied, and follow the directions there. You'll see that a js
dialog can be spoofed, and can trick the end user into supplying sensitive
information.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
Displays dialog created by inactive tab.

Expected Results:  
Refused to display the dialog until the tab was re-activated.

Jesse Ruderman

Comment 1

•

20 years ago

Already public (part of bug 262887).  Bug 262887 has a partial patch.

Group: security

Henrik Skupin [:whimboo][⌚️UTC+2]

Comment 2

•

20 years ago

Isn't that fully covered by bug 262887? Marking as duplicate.

*** This bug has been marked as a duplicate of 262887 ***

Status: UNCONFIRMED → RESOLVED

Closed: 20 years ago

Resolution: --- → DUPLICATE

Mike Kowalski

Updated

•

20 years ago

Status: RESOLVED → VERIFIED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

javascript dialogs can be spoofed with inactive tabs

Categories

(Firefox :: Tabbed Browser, defect)

Tracking

()

People

(Reporter: tonglebeak, Assigned: bugs)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated