Mozilla Foundation Security Advisory 2012-03

<iframe> element exposed across domains via name attribute

Announced

January 31, 2012

Reporter

Vitaly Nevgen

Impact

High

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 10
SeaMonkey 2.7
Thunderbird 10

Description

Vitaly Nevgen reported that an attacker could replace a sub-frame in another domain's document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy.

Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.

References

<iframe> element is exposed across domains by its name attribute
CVE-2012-0445
Security navigation section of the HTML5 specification

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2012-03

<iframe> element exposed across domains via name attribute

Description

References