Closed Bug 376635 Opened 18 years ago Closed 15 years ago

Attacker can trick user into bookmarking a dangerous link

Categories

(Firefox :: Bookmarks & History, defect)

2.0 Branch
x86
Windows XP
defect
Not set
normal

Tracking


RESOLVED DUPLICATE of bug 249747

People

(Reporter: pvnick, Unassigned)

Details

(Whiteboard: [sg:want])

Attachments

(1 file)

If a user decides to bookmark a link by dragging it to the bookmark toolbar, the dangerous protocol security measures can be circumvented by changing the location pointed to by the link from a valid webpage to a dangerous URL.

Example:
<a href="http://google.com" id="mylink" onmousedown="mylink.href='javascript:alert(location)'">drag to bookmark toolbar</a>

This bug can be combined with another bug to cause XSS as shown in the attachment.
This kind of seems like a combination of bug 371179 and bug 249747.
Hmm... I could have sworn Firefox on my computer wasn't allowing me to bookmark javascript: or data: URLs unless I dynamically changed the href attribute to such a URL. Now that I try it, it works.

Oh well. When (if) bug 371179 gets patched, use this bug as a variation test :P
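Added example, not part of the bug report, its attachment, or Firefox's own code: a small Node-runnable model of the check-time versus use-time gap the description relies on. The link's href is swapped inside onmousedown exactly as in the reporter's PoC, so a scheme check made against the href the user saw is stale by the time the drop happens. bookmarkVulnerable models that stale check, bookmarkHardened re-validates the URL that is actually in the drop payload, and isSafeBookmarkUrl parses with the WHATWG URL class so case and whitespace tricks ("  JavaScript:...") do not slip past a prefix match. The DANGEROUS_SCHEMES list, the link object, and all function names are assumptions made for this example; how Firefox 2.0 actually sequenced its check is not reproduced here (the later comment notes that static javascript: links were being bookmarked as well).

```javascript
// Added example, not from the bug or from Firefox. Models the flaw in the
// description: the <a> is validated for a dangerous scheme before the page's
// mousedown handler rewrites href, and the later drop trusts that stale
// verdict. Runs under Node (uses the WHATWG URL class).

// Hypothetical blocklist for this example; Firefox's real policy is not
// reproduced here.
const DANGEROUS_SCHEMES = new Set(["javascript:", "data:"]);

// Decide whether a URL may become a bookmark. The URL parser lowercases the
// scheme, strips leading/trailing whitespace and removes embedded tab/newline,
// so "  JavaScript:alert(1)" and "java\tscript:alert(1)" are still caught,
// which a naive startsWith("javascript:") check would miss.
function isSafeBookmarkUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return false; // not a parsable absolute URL: refuse rather than guess
  }
  return !DANGEROUS_SCHEMES.has(parsed.protocol);
}

// Stand-in for the reporter's <a> (constructed for this example): it looks
// like a link to google.com, but the mousedown handler, which fires before any
// drag starts, swaps in a javascript: URL.
function makeTrickedLink() {
  const link = { href: "http://google.com/", onmousedown: null };
  link.onmousedown = () => { link.href = "javascript:alert(location)"; };
  return link;
}

// Vulnerable sequence: check the href as rendered, then let page script run,
// then drop whatever href holds now. The verdict and the data disagree.
function bookmarkVulnerable(link) {
  const allowed = isSafeBookmarkUrl(link.href); // checked: http://google.com/
  if (link.onmousedown) link.onmousedown();      // page rewrites href here
  const dropped = link.href;                     // dropped: javascript:...
  return allowed ? { bookmarked: true, url: dropped }
                 : { bookmarked: false, url: null };
}

// Hardened sequence: the decision is made on the URL that is actually in the
// drop payload, after all page script has had its chance to run.
function bookmarkHardened(link) {
  if (link.onmousedown) link.onmousedown();
  const dropped = link.href;
  return isSafeBookmarkUrl(dropped) ? { bookmarked: true, url: dropped }
                                    : { bookmarked: false, url: null };
}

// Stand-alone demo.
console.log("vulnerable:", bookmarkVulnerable(makeTrickedLink()));
console.log("hardened:  ", bookmarkHardened(makeTrickedLink()));
```

The design point is that validation has to happen on the same bytes that end up in the bookmark, after the content page has lost the ability to change them; a verdict computed from the DOM at mousedown time is a time-of-check/time-of-use gap that any page script can exploit.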
Group: security
Depends on: 249747, 371179
Whiteboard: [sg:want]
Status: NEW → RESOLVED
Closed: 15 years ago
No longer depends on: 249747, 371179
Resolution: --- → DUPLICATE