
Attacker can simulate drag + drop

RESOLVED DUPLICATE of bug 329385

Status


Firefox
General
11 years ago
9 years ago

People

(Reporter: Paul Nickerson, Unassigned)

Tracking

2.0 Branch
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 329385])

Attachments

(1 attachment)

(Reporter)

Description

11 years ago
Created attachment 260741
double-clicking a webpage item can cause xss

Using window.moveBy, moveTo, resizeBy, and resizeTo, an attacker can simulate a user dragging and dropping an item.

Expected results:
Drag and drop should be user-driven only

Actual results:
Script can cause drag and drop

Example:
<a href="http://google.com" onmousedown="window.moveBy(1,1)">mouse down</a>
Notice that the cursor changes to reflect a drag+drop. This bug can be made more dangerous when combined with another bug, as shown in the attachment.
(Reporter)

Comment 1

11 years ago
Whoops, already submitted this a while ago.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 329385
Whiteboard: [sg:dupe 329385]
Group: core-security