Mozilla Foundation Security Advisory 2013-60

getUserMedia permission dialog incorrectly displays location

Announced
June 25, 2013
Reporter
Matt Wobensmith
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 22

Description

Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog appears for an iframe in one domain, it displays the origin of the top-level document rather than that of the framed page making the call. Users could therefore grant camera or microphone permissions by mistake, confusing the requesting page's location with that of the hosting page.
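The mismatch described above can be modelled on a small frame tree. This is an added example, not Mozilla's code: the frame objects, function names and URLs are constructed for illustration, and the only real API used is the standard `URL` parser.

```javascript
// Added illustration: a constructed model of a frame tree, not Firefox code.
// Each frame has a document URL and a parent (null for the top-level document).
function makeFrame(url, parent = null) {
  return { url, parent };
}

// Walk up the parent chain to the top-level document.
function topLevelFrame(frame) {
  let f = frame;
  while (f.parent !== null) f = f.parent;
  return f;
}

// Origin (scheme, host, port) of a frame's document, via the WHATWG URL parser.
function originOf(frame) {
  return new URL(frame.url).origin;
}

// Behaviour described in the advisory: the dialog names the top-level document.
function promptOriginBeforeFix(callingFrame) {
  return originOf(topLevelFrame(callingFrame));
}

// Behaviour after the fix: the dialog names the frame that called getUserMedia.
function promptOriginAfterFix(callingFrame) {
  return originOf(callingFrame);
}

// True when the pre-fix dialog would have named an origin other than the requester's.
function wasMisattributed(callingFrame) {
  return promptOriginBeforeFix(callingFrame) !== promptOriginAfterFix(callingFrame);
}

// Constructed sample tree: a host page, a same-origin frame inside it,
// and a cross-origin frame nested one level deeper.
const hostPage = makeFrame("https://host.example/article");
const sameOriginFrame = makeFrame("https://host.example/embed/player", hostPage);
const thirdPartyFrame = makeFrame("https://widget.example:8443/chat", sameOriginFrame);

for (const f of [hostPage, sameOriginFrame, thirdPartyFrame]) {
  console.log(f.url,
    "| before fix:", promptOriginBeforeFix(f),
    "| after fix:", promptOriginAfterFix(f),
    "| misattributed:", wasMisattributed(f));
}
```

Only the cross-origin frame is flagged: for the top-level page and the same-origin frame both behaviours name the same origin, so the defect was visible only when the caller's scheme, host or port differed from the top-level document's.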
