Closed Bug 376629 Opened 16 years ago Closed 16 years ago

Attacker can simulate drag + drop

Categories

(Firefox :: General, defect)

2.0 Branch
x86
Windows XP
defect
Not set
normal

RESOLVED DUPLICATE of bug 329385

People

(Reporter: pvnick, Unassigned)

Details

(Whiteboard: [sg:dupe 329385])

Attachments

(1 file)

Using window.moveBy, moveTo, resizeBy, and resizeTo, an attacker can simulate a user dragging and dropping an item.

Expected results:
Drag and drop should be user-driven only

Actual results:
Script can cause drag and drop

Example:
<a href="http://google.com" onmousedown="window.moveBy(1,1)">mouse down</a>
Notice that the cursor changes to reflect a drag+drop. This bug can be made more dangerous when combined with another bug, as shown in the attachment.

Whoops, already submitted this a while ago.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 329385]
Group: core-security
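
Added example, not part of the original bug report or of Mozilla's code: a small JavaScript scanner that flags markup matching the pattern in the report, an inline mouse handler that calls window.moveBy, moveTo, resizeBy or resizeTo. The function name, the list of handlers and the sample markup are assumptions constructed for illustration; only inline attributes are inspected, not handlers attached from script.

```javascript
// Window-geometry methods named in the report.
const GEOMETRY_CALLS = ["moveBy", "moveTo", "resizeBy", "resizeTo"];
// Inline handlers that fire during a press or drag gesture (assumed list).
const MOUSE_HANDLERS = ["onmousedown", "onmousemove", "onmouseup", "ondragstart"];

// Opening tag with its attributes; quoted values may contain '>'.
const TAG_RE =
  /<([a-zA-Z][\w-]*)((?:\s+[\w-]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*\/?>/g;
// One attribute: name = "value" | 'value' | bare value.
const ATTR_RE = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
// A call to any geometry method, with or without the "window." prefix.
const CALL_RE = new RegExp("\\b(" + GEOMETRY_CALLS.join("|") + ")\\s*\\(", "g");

// Hypothetical helper: returns one finding per mouse handler whose inline
// script moves or resizes the window while the pointer gesture is in progress.
function findScriptedWindowMoves(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase();
      if (!MOUSE_HANDLERS.includes(name)) continue;
      const body = attr[2] ?? attr[3] ?? attr[4] ?? "";
      const calls = [...body.matchAll(CALL_RE)].map((m) => m[1]);
      if (calls.length > 0) {
        findings.push({ tag: tag[1].toLowerCase(), handler: name, calls });
      }
    }
  }
  return findings;
}

// Constructed sample markup: the first line is the example from the report,
// the rest are made-up cases that should and should not be flagged.
const SAMPLE = `
<a href="http://google.com" onmousedown="window.moveBy(1,1)">mouse down</a>
<a href="/help" onmousedown="track('help')">help</a>
<div onmouseup='if (a > b) { resizeTo(200, 200); moveTo(0, 0); }'>box</div>
<button onclick="window.moveBy(5,5)">not a drag gesture</button>
`;

console.log(findScriptedWindowMoves(SAMPLE));
```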