javascript dialogs can be spoofed with inactive tabs

VERIFIED DUPLICATE of bug 262887

Status

()

defect
--
critical
VERIFIED DUPLICATE of bug 262887
15 years ago
15 years ago

People

(Reporter: tonglebeak, Assigned: bugs)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

()

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1

Follow the link supplied, and follow the directions there. You'll see that a js
dialog can be spoofed, and can trick the end user into supplying sensitive
information.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
Displays dialog created by inactive tab.

Expected Results:  
Refused to display the dialog until the tab was re-activated.
Already public (part of bug 262887).  Bug 262887 has a partial patch.
Group: security
Isn't that fully covered by bug 262887? Marking as duplicate.

*** This bug has been marked as a duplicate of 262887 ***
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.