Closed Bug 301275 Opened 14 years ago Closed 14 years ago
Cross site scripting vulnerability from secure to non-secure
Mozilla 1.7.8 Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8) Gecko/20050511 A simple script allows to send data from a secure page to another spying server. The user is not alerted and the secure lock icon is shown. Please refer to the attached testcase. This vulnerability has not been made public and I do not intend to publish it.
Not showing the mixed state for these images is a bug, but the testcase as designed shows maliciousness or a server doing stupid things. If either is the case fixing the non-SSL image detection bug isn't going to help you, the server could be malicious or stupid out the back end where the browser can't detect it. *** This bug has been marked as a duplicate of 135007 ***
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.