294453 - Email client launches when moving mouse over page elements

Status: RESOLVED DUPLICATE of bug 248920

(Firefox :: Security, defect)

Description

[Frank]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

When scrolling over any of the buttons, images, or links at
http://www.digicrime.com/noprivacy.html, the Default mail client launches
automatically and attempts to send mail without user interaction beyond
scrolling over a page element. 

Reproducible: Always

Steps to Reproduce:
1.Open Firefox and go to http://www.digicrime.com/noprivacy.html
2.Scroll over or click on one of the links, images, or buttons
Actual Results:  
Default mail program opened and attempted to send mail without user
authorization or interaction

Expected Results:  
Fx should have not launched the client or any other software without user
clicking a link to intentionally send mail or other information. 

Javascript console returned a warning:
Warning: Form contains enctype=text/plain, but does not contain method=post. 
Submitting normally with method=GET and no enctype instead.
Source File: /noprivacy.html
Line: 0

Comment 1

[Frank]

Suggested workaround by the author is to disable Javascript, but I find this
unacceptable due to the prevalence of JavaScript in an average user's web content.
Netscape also supposedly patched the bug, but it works without a hitch in Fx
with JavaScript enabled.

Comment 2

[Frank]

Attachment: .PNG screenshot of exploit and Javascript console output

Contains Javascript console error output mentioned in 1st comment, as well as a
JavaScript popup that displays just before or immediately after the script has
run when a user scrolls over one of the mentioned page elements, triggering the
exploit.

Comment 3

[Phil Ringnalda (:philor)]

*** This bug has been marked as a duplicate of 248920 ***