Mozilla Foundation Security Advisory 2009-21
Title: POST data sent to wrong site when saving web page with embedded frame
Announced: April 21, 2009
Reporter: Paolo Amadini
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.0.9
Developer and Mozilla community member Paolo Amadini reported that when saving the inner frame of a web page as a file when the outer page has POST data associated with it, the POST data will be incorrectly sent to the URL of the inner frame. This could potentially result in a user's sensitive data being sent to a site for which it was not intended.