Closed
Bug 296190
Opened 20 years ago
Closed 19 years ago
mailto is automatically opened upon page-visit without javascript enabled
Categories
(Firefox :: File Handling, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 181860
People
(Reporter: floris, Unassigned)
References
()
Details
(Whiteboard: [sg:dos])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 It is allowed apperantly to have a mailto: url in an img tag. This will automatically open the default mailclient and starts a new message. See URL for results. Sometimes it opens 3 mail windows, sometimes 1. Since the default mailclient could be anything, a javascript injection could be possible. In my case, even though I have thunderbird installed as DEFAULT, Firefox STILL OPENED Outlook Express! Internet Explorer features the same bug. Reproducible: Always Steps to Reproduce: 1. make a page with <img src="mailto:whatever"> 2. load page 3. Actual Results: opens a new mail window Expected Results: disallow mailto in passive urls such as images and NOT open a mail window
Updated•20 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:dos]
Updated•19 years ago
|
Group: security
Comment 1•19 years ago
|
||
*** This bug has been marked as a duplicate of 181860 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•