Closed Bug 266357 Opened 21 years ago Closed 21 years ago

javascript dialogs can be spoofed with inactive tabs

Categories

(Firefox :: Tabbed Browser, defect)

Product:
Firefox
Component:
Tabbed Browser
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 262887

People

(Reporter: tonglebeak, Assigned: bugs)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1 Follow the link supplied, and follow the directions there. You'll see that a js dialog can be spoofed, and can trick the end user into supplying sensitive information. Reproducible: Always Steps to Reproduce: 1. 2. 3. Actual Results: Displays dialog created by inactive tab. Expected Results: Refused to display the dialog until the tab was re-activated.
Already public (part of bug 262887). Bug 262887 has a partial patch.
Group: security
Isn't that fully covered by bug 262887? Marking as duplicate. *** This bug has been marked as a duplicate of 262887 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.