Mozilla Foundation Security Advisory 2009-21

Type securityvulns
Reporter Securityvulns
Modified 2009-04-23T00:00:00


Mozilla Foundation Security Advisory 2009-21

Title: POST data sent to wrong site when saving web page with embedded frame Impact: Low Announced: April 21, 2009 Reporter: Paolo Amadini Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0.9 SeaMonkey 1.1.17 Description

Developer and Mozilla community member Paolo Amadini reported that when saving the inner frame of a web page as a file when the outer page has POST data associated with it, the POST data will be incorrectly sent to the URL of the inner frame. This could potentially result in a user's sensitive data being sent to a site for which it was not intended. References

* CVE-2009-1311