Mozilla Foundation Security Advisory 2013-105

Application Installation doorhanger persists on navigation

Announced
December 10, 2013
Reporter
Myk Melez
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 26

Description

Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an application from one site while making it appear to come from another.

References