Javascript prompt origin spoofing

ID MFSA2005-54
Type mozilla
Reporter Mozilla Foundation
Modified 2005-07-12T00:00:00


Alerts and prompts created by scripts in web pages are presented with the generic title [JavaScript Application] which sometimes makes it difficult to know which site created them. A malicious page could attempt to cause a prompt to appear in front of a trusted site in an attempt to extract information such as passwords from the user. In the fixed version these prompts will contain the hostname from the page which created it.