Bug 772690

Summary: firefox: drag-and-drop handling same origin policy bypass flaw
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bazanluis20, gecko-bugs-nobody, gecko-bugs-nobody
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-14 06:13:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 772692, 798147    

Description Vincent Danen 2012-01-09 17:04:50 UTC 
It was reported [1],[2] that Firefox suffers from a Drag-and-Drop XSS flaw.  This could allow for the execution of unwanted javascript by copying and pasting it in the address bar, or by dragging and dropping it onto a web page.  Two methods were identified: bypass via letter capitalization and another by use of the feed protocol (the latter does not seem to affect Firefox 3.6.x which reports that the URL is not valid and cannot be loaded).

The upstream bug is currently private and a fix is currently unavailable.

[1] http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=704354
Comment 3 Huzaifa S. Sidhpurwala 2012-03-14 06:13:13 UTC 

*** This bug has been marked as a duplicate of bug 803119 ***