Closed Bug 376629 Opened 18 years ago Closed 18 years ago

Attacker can simulate drag + drop

Tracking

()

Status:

RESOLVED DUPLICATE of bug 329385

People

(Reporter: pvnick, Unassigned)

Details

(Whiteboard: [sg:dupe 329385])

Attachments

(1 file)

double-clicking a webpage item can cause xss 18 years ago Paul Nickerson 1.46 KB, text/html		Details

Paul Nickerson

Reporter

Description

•

18 years ago

Attached file double-clicking a webpage item can cause xss — Details

Using window.moveBy, moveTo, resizeBy, and resizeTo, an attacker can simulate a user dragging and dropping an item. Expected results: Drag and drop should be user-driven only Actual results: Script can cause drag and drop Example: <a href="http://google.com" onmousedown="window.moveBy(1,1)">mouse down</a> Notice that the cursor changes to reflect a drag+drop. This bug can be made more dangerous when combined with another bug, as shown in the attachment

Paul Nickerson

Reporter

Comment 1

•

18 years ago

Whoops, already submitted this awhile ago.

Status: NEW → RESOLVED

Closed: 18 years ago

Resolution: --- → DUPLICATE

Daniel Veditz [:dveditz]

Updated

•

17 years ago

Whiteboard: [sg:dupe 329385]

Daniel Veditz [:dveditz]

Updated

•

16 years ago

Group: core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Attacker can simulate drag + drop

Categories

(Firefox :: General, defect)

Tracking

()

People

(Reporter: pvnick, Unassigned)

References

Details

(Whiteboard: [sg:dupe 329385])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Attachment

General

Description

File Name

Content Type