Created attachment 599561 [details] TESTCASE2.0-document.location geolocalisation.zip User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Build ID: 20120215223356 Steps to reproduce: Like bug 575294 , Firefox 10.0.1 shows the dropdown menu for <select> elements as an always-on-top chromeless window. It also allows arbitrary HTML content to be rendered in the <option> elements within the <select>. with location.href and geolocalisation we can cover a JAVA Applet or a XPI for evil. Actual results: This bug demonstrates than an attacker can cover a JAVA Applet or a XPI for evil. I think this issue is critical.
Is the underlying issue here any different from that in bug 726264?
Status: UNCONFIRMED → NEW
Ever confirmed: true
The method used to trigger the navigation is irrelevant to the floating select issue.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 726264]
Duplicate of bug: 726264
You need to log in before you can comment on or make changes to this bug.