You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-43

Mozilla Foundation Security Advisory 2012-43

Title: Incorrect URL displayed in addressbar through drag and drop
Impact: Moderate
Announced: July 17, 2012
Reporter: Mario Gomes, Code Audit Labs
Products: Firefox

Fixed in: Firefox 14
  Firefox ESR 10.0.6

Description

Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users.

References