Mozilla Foundation Security Advisory 2009-21

POST data sent to wrong site when saving web page with embedded frame

Announced

April 21, 2009

Reporter

Paolo Amadini

Impact

Low

Products

Firefox, SeaMonkey

Fixed in

Firefox 3.0.9
SeaMonkey 1.1.17

Description

Developer and Mozilla community member Paolo Amadini reported that when saving the inner frame of a web page as a file when the outer page has POST data associated with it, the POST data will be incorrectly sent to the URL of the inner frame. This could potentially result in a user's sensitive data being sent to a site for which it was not intended.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=471962
CVE-2009-1311

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2009-21

POST data sent to wrong site when saving web page with embedded frame

Description

References