You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2009-21

Mozilla Foundation Security Advisory 2009-21

Title: POST data sent to wrong site when saving web page with embedded frame
Impact: Low
Announced: April 21, 2009
Reporter: Paolo Amadini
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.0.9
  SeaMonkey 1.1.17

Description

Developer and Mozilla community member Paolo Amadini reported that when saving the inner frame of a web page as a file when the outer page has POST data associated with it, the POST data will be incorrectly sent to the URL of the inner frame. This could potentially result in a user's sensitive data being sent to a site for which it was not intended.

References