Closed Bug 295995 Opened 20 years ago Closed 19 years ago

Can reroute trusted events

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: pop2.bugzilla, Unassigned)

Details

(Whiteboard: [sg:needinfo])

Hish

Reporter

Description

•

20 years ago

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511

I can reroute trusted events to any other window

Reproducible: Always

Steps to Reproduce:
<script>
var frm;
function init() {
  frm=frames[0];
  frm.document.designMode='on';
}
function reroute(evt) {
  frm.focus();
}
</script>
<body onload="init()" onclick="reroute(event)">
<iframe />
Actual Results:  
When typing something, everything is routed to the hidden iframe without
informing the user.

Expected Results:  
Trusted events shouldn't be reroutable without permission.

Jesse Ruderman

Comment 1

•

19 years ago

This doesn't look like a security hole to me.  The code in comment 0 doesn't
appear to be rerouting trusted events to chrome or another site, but rather
simply changing focus to an iframe.  Why is this a security hole?  Am I missing
something?

Jesse Ruderman

Updated

•

19 years ago

Whiteboard: [sg:needinfo]

Daniel Veditz [:dveditz]

Comment 2

•

19 years ago

I can't get this testcase to do anything, in fact. Perhaps it was trimmed too
much from something larger?

Group: security

Status: UNCONFIRMED → RESOLVED

Closed: 19 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Can reroute trusted events

Categories

(Firefox :: Security, defect)

Tracking

()

People

(Reporter: pop2.bugzilla, Unassigned)

References

Details

(Whiteboard: [sg:needinfo])

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Comment 2