Firefox File Focus Stealing.

Publicated on : 1183204555
A small update on what's happening. Hong has found a focus diversion flaw in Firefox which allows files to be uploaded. Normally it is not allowed to steal focus on form objects, but the cleverness of this hack lies in that Hong uses the HTML tag <label>. When a label get focus, the focus will transfer to other element pointed by the "for" attribute. So it can bypass the restriction. Very clever!

Original post: