<iframe> element exposed across domains via name attribute
- January 31, 2012
- Vitaly Nevgen
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 10
- SeaMonkey 2.7
- Thunderbird 10
Vitaly Nevgen reported that an attacker could replace a sub-frame in another domain's document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy.
Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.