Firefox geolocation consent hijack demo

Original post here.

Note that this demo is specific to Firefox on Windows, and may not work as expected on other systems or in non-standard screen configurations (dpi, etc); these factors could be accounted for, though. In principle, all browsers supporting the geolocation API seem to be vulnerable.

This proof-of-concept is non-disruptive, and if successful, will not send your data anywhere. Complain to <lcamtuf@coredump.cx> as appropriate.