Open Bug 760006 Opened 12 years ago Updated 3 years ago

Drag-and-drop may be used to inject content across domains

Categories: Core :: DOM: Copy & Paste and Drag & Drop, defect, P5
Hardware: x86, Windows XP
Type: defect
Status: UNCONFIRMED
People: Reporter: bugzilla, Unassigned

Details

User Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725

Steps to reproduce:

Bug 605991 stopped content from being extracted from cross-domain iframes. However, content can still be dragged into iframes. This behaviour can be used in UI redressing attacks to trick the user into filling in form fields (e.g. update a user's email address to steal their account).

Both IE10 and Chrome prevent dragging into cross-origin iframes - Firefox should probably match that behaviour.
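The report asks the browser to block drops into cross-origin iframes. Until that lands, the embedded page can refuse such drops itself. The following is an added illustration in JavaScript, not code from the bug report or from Mozilla: a drop policy for a page that may be framed, plus a capture-phase guard on its form fields that cancels drags into them when the page is framed by an untrusted or unknown origin and logs any drop attempt so it is visible to the site's own monitoring. The function names, the trusted-embedder list, the placeholder origin and the log format are assumptions made for this example.

```javascript
// Added example (not from this bug report or from Mozilla): how a page that
// may be embedded cross-origin can refuse drag-and-drop into its own form
// fields until the browser blocks such drops itself. Names, the origin
// list and the log format are assumptions made for this example.

// Pure policy decision, kept separate so it can be unit-tested outside a browser.
//   isFramed         -> window.self !== window.top
//   ancestorOrigin   -> location.ancestorOrigins[0] where supported (Chromium;
//                       Firefox does not expose it), otherwise null = unknown
//   allowedAncestors -> origins trusted to frame this page (assumed list)
function dropPolicy({ isFramed, ancestorOrigin, allowedAncestors }) {
  if (!isFramed) {
    return { allow: true, reason: 'top-level document' };
  }
  if (ancestorOrigin !== null && allowedAncestors.includes(ancestorOrigin)) {
    return { allow: true, reason: 'trusted embedder ' + ancestorOrigin };
  }
  return {
    allow: false,
    reason: ancestorOrigin === null
      ? 'framed by an unknown origin'
      : 'framed by untrusted origin ' + ancestorOrigin,
  };
}

// Only editable controls can receive dropped text, so those are what we guard.
const EDITABLE = 'input, textarea, [contenteditable]';

// Install capture-phase listeners on the document. When the policy denies
// drops, dragenter/dragover are cancelled with dropEffect 'none' (the HTML
// drag-and-drop model treats that as "drop not allowed"), and any drop that
// still arrives is cancelled and logged so the attempt is visible.
function installDropGuard(doc, win, allowedAncestors, log) {
  const origins = win.location && win.location.ancestorOrigins;
  const decision = dropPolicy({
    isFramed: win.self !== win.top,
    ancestorOrigin: origins && origins.length > 0 ? origins[0] : null,
    allowedAncestors,
  });
  if (decision.allow) {
    return decision;
  }
  const blocked = [];
  for (const type of ['dragenter', 'dragover', 'drop']) {
    doc.addEventListener(type, (ev) => {
      const target = ev.target;
      if (!target || typeof target.matches !== 'function' || !target.matches(EDITABLE)) {
        return; // not a field: leave default handling alone
      }
      ev.preventDefault();
      if (ev.dataTransfer) {
        ev.dataTransfer.dropEffect = 'none';
      }
      if (type === 'drop') {
        const field = target.name || target.id || target.tagName;
        blocked.push(field);
        log('blocked drop into ' + field + ': ' + decision.reason);
      }
    }, true); // capture phase runs before the field's own handlers
  }
  decision.blocked = blocked;
  return decision;
}

// Wire it up when running in a browser; the origin below is a placeholder.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  installDropGuard(document, window, ['https://trusted-embedder.example'], console.warn);
}
```

The policy is deliberately fail-closed: when the embedder's origin cannot be determined (Firefox does not implement `location.ancestorOrigins`), a framed page refuses drops rather than guessing. This guard complements, and does not replace, refusing to be framed at all via `X-Frame-Options` or a `frame-ancestors` directive where the page has no legitimate embedders.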

Bulk-downgrade of unassigned, >=3 years untouched DOM/Storage bugs' priority.

If you have reason to believe this is wrong, please write a comment and ni :jstutte.

Severity: normal → S4
Priority: -- → P5