Closed
Bug 1217379
Opened 9 years ago
Closed 9 years ago
Website elements shown over scrollbar!
Categories
(Firefox :: Untriaged, defect)
RESOLVED
INVALID
People
(Reporter: sexxxenator, Unassigned)
Attachments
(1 file)
102.84 KB,
image/png
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0
Build ID: 20151015172656

Steps to reproduce:
I opened page: http://crypt-sdk.blogspot.fr/2011/11/how-to-set-proxy-settings-in-vlc-http.html
With a few addons enabled (Ghostery, Privacy Badger, etc., but most probably the problem here is related to NoScript)

Actual results:
Some of the elements (floating menus) of the website are displayed on top of FF's GUI elements (here, the scrollbar)

Expected results:
No website element should be displayed outside the internal frame!!!! And that should be the case whatever plugin is installed!!!
This is a security issue as:
1. This can be used to deny access to (or, worse, to hijack) some of FF's features
2. It means the website has control over elements it shouldn't be aware of!
Comment 1•9 years ago
This is the website layering content over its own things. That is perfectly possible, works the same in other browsers, and has been possible for a long time (maybe always, I don't remember if the "position: fixed" that the website is using is necessary; it may not be). The scrollbar is not really a "browser feature" - the page puts it there by setting overflow-y on the box.

Here's a minimal-ish JSBin testcase that behaves the same way in Firefox and Chrome and which shows this behaviour: http://jsbin.com/dunotofaho/edit?html,css,output

Here's the same testcase but with no scrollbar at all: http://jsbin.com/masukepaji/1/edit?html,css,output

In conclusion, webpages can mess with their own layout (including overlaying/hiding scrollbars) pretty much however they like.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
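
The layout Comment 1 describes, as a stand-alone page added here for illustration (it is not the JSBin testcase or code from the reported site; the element ids and the two helper functions are made up for this example). The scrollbar belongs to a box the page itself made scrollable with overflow-y, and the script reports that the scrollbar lies inside that box and that the fixed-position menu covers part of it.

```html
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Page content over a page-created scrollbar</title>
<style>
  html, body { margin: 0; height: 100%; overflow: hidden; } /* no viewport scrollbar */
  /* This box, not the browser chrome, owns the scrollbar seen on the right. */
  #scroller { height: 100%; overflow-y: scroll; }
  #filler { height: 300vh; }
  /* Fixed-position menu pinned to the right edge: it paints above #scroller,
     including the scrollbar that #scroller draws inside its own box. */
  #menu { position: fixed; top: 40%; right: 0; width: 120px; padding: 8px;
          background: #fc0; }
  #report { position: fixed; left: 8px; bottom: 8px; font: 14px monospace; }
</style>
</head>
<body>
<div id="scroller"><div id="filler">Scroll me.</div></div>
<div id="menu">Floating menu</div>
<pre id="report"></pre>
<script>
  // Width of the scrollbar gutter: the part of the element's own box that is
  // not client area (0 on platforms that use overlay scrollbars).
  function gutterWidth(el) {
    return el.offsetWidth - el.clientWidth;
  }
  // True when `other` intersects the strip of `scroller` occupied by its scrollbar.
  function overlapsGutter(scroller, other) {
    const s = scroller.getBoundingClientRect();
    const o = other.getBoundingClientRect();
    const gutterLeft = s.right - gutterWidth(scroller);
    return o.right > gutterLeft && o.left < s.right &&
           o.bottom > s.top && o.top < s.bottom;
  }
  const scroller = document.getElementById('scroller');
  const menu = document.getElementById('menu');
  document.getElementById('report').textContent =
    'scrollbar width inside #scroller: ' + gutterWidth(scroller) + 'px\n' +
    'menu overlaps that scrollbar: ' + overlapsGutter(scroller, menu);
</script>
</body>
</html>
```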