Closed
Bug 284551
Opened 19 years ago
Closed 19 years ago
SSL spoofing vulnerability: status bar disappears in small windows; popups can spoof the SSL lock.
Categories: Core :: Layout: Images, Video, and HTML Frames, defect
Status: VERIFIED FIXED
People: Reporter: mozilla, Assigned: dveditz
Details: Keywords: fixed-aviary1.0.2, fixed1.7.6; Whiteboard: [sg:fix] fixed on trunk
Attachments (1 file): patch, 1.11 KB; asa: approval-aviary1.0.2+, approval1.7.6+
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1

When a window is less than 128 pixels high, the status bar is hidden. This is bad because the status bar contains critical security information. This is especially bad because JavaScript can open popup windows small enough to hide the status bar, and spoof the SSL security indicator in the status bar. See http://zesty.ca/popup/ for an example. JavaScript can also prevent the user from resizing the window or from seeing the menu bar, so there is really no way to get the status bar back. (This is also inconvenient because the horizontal scrollbar disappears in the same way.) The best and most straightforward solution is to ensure that the status bar is always visible.

Reproducible: Always

Steps to Reproduce:
1. Open a new Firefox window (Ctrl-N).
2. Ensure that the status bar is turned on (View -> Status Bar).
3. Grab the lower edge of the window and shrink it vertically.

Actual Results:
When the window height is reduced beyond a certain point (128 pixels), the status bar will disappear (it will refuse to move up any further).

Expected Results:
The status bar should not disappear. It should always occupy the lowest 20 or so pixels of the window height. (Also, if the menu bar and status bar happen to be turned off, there should be a way for the user to turn them back on.)
Comment 1 • 19 years ago
The status bar shouldn't disappear, confirming. It's not a perfect spoof because as of Firefox 1.0.1 the site appears in the title bar, but people are likely to be misled by the fake status bar all the same. The Suite has a similar issue, but instead of having a fixed content height of ~128px it looks like ~122px.
Severity: major → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.0.2?
Whiteboard: [sg:fix]
Comment 2 • 19 years ago
Doh! I've got windows diverted into tabs ;-) The problem was fixed on the trunk - bug 217477 - to fix the mail status bar!
Updated • 19 years ago
Flags: blocking-aviary1.0.2?
Comment 3 • 19 years ago
Marking blocking 1.0.2, otherwise this one seems to keep getting forgotten. I'd rather have drivers explicitly minus than forget to plus. This bug originated as a public thread on n.m.p.security, the confidential flag is somewhat pointless at this point.
Group: security
Flags: blocking-aviary1.0.2? → blocking-aviary1.0.2+
Whiteboard: [sg:fix] → [sg:fix] fixed on trunk
Comment 4 • 19 years ago
Is this an issue for seamonkey too?
Comment 5 • 19 years ago
Yes, seamonkey has a similar issue, see comment 1. Moving to Core so we can set the right flags. Besides, the fix is in layout as Neil pointed out.
Assignee: firefox → nobody
Component: General → Layout: HTML Frames
Product: Firefox → Core
QA Contact: general → layout.html-frames
Version: unspecified → 1.7 Branch
Comment 6 • 19 years ago
Neil's patch from bug 217477 (updated to branch line numbers). Copied here for branch-checkin approval bookkeeping.
Attachment #177462 - Flags: approval1.7.6?
Attachment #177462 - Flags: approval-aviary1.0.2?
Updated • 19 years ago
Flags: blocking1.7.6+
Comment 7 • 19 years ago
Comment on attachment 177462 [details] [diff] [review] Neil's patch from bug 217477, r=roc, sr=jst a=asa
Attachment #177462 - Flags: approval1.7.6?
Attachment #177462 - Flags: approval1.7.6+
Attachment #177462 - Flags: approval-aviary1.0.2?
Attachment #177462 - Flags: approval-aviary1.0.2+
Updated • 19 years ago
Assignee: nobody → dveditz
Comment 8 • 19 years ago
Fix checked in to 1.7 and aviary-1.0.1 branches. Trunk was already fixed (bug 217477).
Status: NEW → RESOLVED
Closed: 19 years ago
Keywords: fixed-aviary1.0.2, fixed1.7.6
Resolution: --- → FIXED
Updated • 19 years ago
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.0.3?
Comment 9 • 19 years ago
Testing on Linux FC3, the test case now displays the status bar, so it looks fixed to me. Tested with 2005031707-1.0.2 Firefox and 2005031710-1.7.6 Mozilla builds.
Comment 10 • 19 years ago
Status bar is displaying with unsecure icon on Mac Fx 1.0.2 and Moz 1.7.6. Also looks good on Windows 1.7.6
Status: RESOLVED → VERIFIED
Comment 11 • 19 years ago
(In reply to comment #10)
> Status bar is displaying with unsecure icon on Mac Fx 1.0.2 and Moz 1.7.6. Also
> looks good on Windows 1.7.6

Thank you for addressing this bug so quickly. Way to go!
Updated • 19 years ago
Flags: testcase+
Updated • 17 years ago
Flags: in-testsuite+ → in-testsuite?
Updated • 6 years ago
Product: Core → Core Graveyard
Updated • 6 years ago
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core