Closed Bug 152073 Opened 22 years ago Closed 22 years ago

Popup windows can be opened automatically despite disabling open during load

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 144726

People

(Reporter: bugspam, Assigned: security-bugs)

References

(
URL
)

Details

The page at http://www.youmustbejoking.demon.co.uk/formpopup.html shows how a
popup window (or two) can be opened despite Mozilla being configured to disable
window.open() while loading a page.

It seems to me that MANY windows can be opened in this way, potentially using
up the machine's memory; if you reload the first popup window in my sequence,
it'll create a third popup with the same content as the second. From here to
memory exhaustion is but a simple step; a small change to the HTML.

I suggest that, for when a page is being loaded, EITHER a pref be added to
control whether form submission should be disabled OR the existing
disable-open() pref should be extended to cover this.

[I'm using Mozilla 1.0.0-1 (Debian unstable); however, I do not believe that
this issue is specific to this version.]
hmm..

wfm 2002061304 linux..

didn't see any popups
In your test you don't use window.open, you are just using a target to open the
new window, and the second window is opened again by using submit in another form.
You can disable this effect by changing the "open a link in a new window"
preference.
> You can disable this effect by changing the "open a link in a new window"
> preference.

This is true, but instead of opening popups, the window content is replaced.
Now imagine that you're visiting some site which uses forms in this way to create
popup adverts... whoops, where's the site content?


*** This bug has been marked as a duplicate of 144726 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.