Created attachment 260741
double-clicking a webpage item can cause xss

Using window.moveBy, moveTo, resizeBy, and resizeTo, an attacker can simulate a user dragging and dropping an item.

Expected results:
Drag and drop should be user-driven only

Actual results:
Script can cause drag and drop

Example:
<a href="http://google.com" onmousedown="window.moveBy(1,1)">mouse down</a>

Notice that the cursor changes to reflect a drag+drop. This bug can be made more dangerous when combined with another bug, as shown in the attachment.

Whoops, already submitted this a while ago.

Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 329385