Incorrect URL displayed in addressbar through drag and drop

ID MFSA2012-43
Type mozilla
Reporter Mozilla Foundation
Modified 2012-07-17T00:00:00


Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users.