The underlying problem is pretty cute: most browsers can be programmatically prevented from dequeuing and processing UI events delivered by the operating system; canonical examples involve using busy JavaScript loops, blocking XMLHttpRequest calls, and particularly complex HTML or XML documents.
Upon leaving this state, the queued events may not be properly purged, and may end up getting delivered to an incorrect and unexpected context - possibly carrying out an undesirable action in another domain, or interacting with browser chrome.
I filed bug 608899 for this particular demo in Firefox - but given the general, cross-browser state of disrepair when it comes to UI timing and related attacks, I am not getting my hopes up.
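On the receiving side, a page can refuse input that was generated before a sensitive control was shown, or that sat in the queue for too long before dispatch. The sketch below is an added example, not code from this post or from any browser; `createInputGuard`, its thresholds and the sample events are hypothetical, and it assumes `ev.timeStamp` records when the input was generated on the same clock as `performance.now()`.

```javascript
// Added example: reject UI events that predate a sensitive control or that
// were dispatched long after they were generated (queued while the event
// loop was blocked). Names and thresholds are illustrative assumptions.
function createInputGuard(now, opts = {}) {
  const settleMs = opts.settleMs ?? 500; // ignore input this soon after arming
  const maxLagMs = opts.maxLagMs ?? 250; // tolerated generation-to-dispatch lag
  let armedAt = null;

  return {
    arm() { armedAt = now(); },     // call when the control becomes visible
    disarm() { armedAt = null; },   // call when it is hidden again
    check(ev) {
      if (armedAt === null) return 'reject:not-armed';
      if (ev.isTrusted !== true) return 'reject:synthetic';
      if (!Number.isFinite(ev.timeStamp)) return 'reject:no-timestamp';
      // Input generated before the control existed (plus a settle window).
      if (ev.timeStamp < armedAt + settleMs) return 'reject:predates-control';
      // Input that waited in the queue far longer than normal dispatch takes.
      if (now() - ev.timeStamp > maxLagMs) return 'reject:stale-queue';
      return 'accept';
    },
  };
}

// Browser wiring (assumption, shown as a comment so the block runs in Node):
//   const guard = createInputGuard(() => performance.now());
//   dialog.addEventListener('toggle', () => guard.arm());
//   confirmBtn.addEventListener('click', (ev) => {
//     if (guard.check(ev) !== 'accept') ev.preventDefault();
//   });

// Constructed scenario with a fake clock and hand-built event objects.
function demo() {
  let clock = 1000;
  const guard = createInputGuard(() => clock);
  const out = [];
  out.push(guard.check({ isTrusted: true, timeStamp: 900 }));   // before arm()
  guard.arm();                                                  // armedAt = 1000
  clock = 1100;
  out.push(guard.check({ isTrusted: true, timeStamp: 950 }));   // queued earlier
  clock = 1700;
  out.push(guard.check({ isTrusted: true, timeStamp: 1690 }));  // fresh input
  clock = 4000;
  out.push(guard.check({ isTrusted: true, timeStamp: 1600 }));  // 2400 ms lag
  out.push(guard.check({ isTrusted: false, timeStamp: 3990 })); // script-made
  return out;
}

console.log(demo());
```

A guard like this only covers events delivered to page content; input that reaches browser chrome has to be handled by the browser itself.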