User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Build ID: 20120215222917

Steps to reproduce:
I have an open tab with my Gmail account most of the time when I'm in the browser. Recently, for temporary usage, I changed my Gmail password. Unfortunately, this temporary password is the same one I use for "garbage" sites which demand registration. So, I always register on these sites with another account (not even a Gmail account), but, as I said, with the same password as my Gmail account :(.

Actual results:
My Gmail was hijacked!!! :((( I think the scenario is: when I mouse over the Gmail tab it always shows: blahblahblah - myUserName@gmail.com. The "garbage" site runs some script which captures myUserName@gmail.com, then it uses the same password I entered there during the registration process and WALLA, we have a Gmail account with its password. :((( I think most users use the same password everywhere. My point is that I think there has to be no way for scripts to see other tabs, cookies, etc. I guess it is a heavy security bug :(.

Expected results:
It shouldn't have happened ;).
What makes you believe that other sites can read anything from a third page opened in a different tab/window? Other sites can't read the cookies and contents of other opened pages, and that includes the title.
Well, I'm not a web programmer, but let's take, say, this link: http://code.google.com/chrome/extensions/dev/content_scripts.html which talks exactly about cross site, script injection, and security vulnerability. It talks about Chrome, but I guess I can find the same about FF. Here is a quick Google result for exactly what I'm talking about: http://www.autohotkey.com/forum/topic21491.html **Again, I don't have a clue how to check it, but the last link's title sounds "promising".
BTW: The second URL in comment#2 is for an application that runs on your system. Any application running on your system with enough privileges (administrator rights) can do everything it wants on the whole system. It can log the keys you enter in all applications, replace the Firefox installation with an Opera one, intercept the network traffic between the browser and the Internet ...