Mozilla Foundation Security Advisory 2009-21

POST data sent to wrong site when saving web page with embedded frame

Announced
April 21, 2009
Reporter
Paolo Amadini
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.0.9
  • SeaMonkey 1.1.17

Description

Developer and Mozilla community member Paolo Amadini reported that when saving the inner frame of a web page as a file when the outer page has POST data associated with it, the POST data will be incorrectly sent to the URL of the inner frame. This could potentially result in a user's sensitive data being sent to a site for which it was not intended.

References