Closed Bug 208210 Opened 21 years ago Closed 21 years ago

Unexpected Launch or Opening item by double-clicking scrollbar in download and history sidebar

Categories

(Toolkit :: Downloads API, defect)

Product:
Toolkit
Component:
Downloads API
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.5

People

(Reporter: noririty, Assigned: bugzilla)

References

Details

Attachments

(1 file)

proposed patch
2.56 KB, patch
Details | Diff | Splinter Review 
When you double click the scrollbar (i.e. to scroll up/down arrow button
quickly), Mozilla Firebird treats as you double-clicked the item.
This might causes security issue when you have downloaded some kind of malware.

Reproducible: Always

Steps to Reproduce:
[[ A. Download sidebar ]] <- Windows only
1. Download many files to show scrollbar in download sidebar.
2. Type [Ctrl]+[E] or Click [View]-[Sidebar]-[Downloads].
3. Select one of the items you downloaded.
4. Double-click scroll up/down arrow button (small triangle) quickly.
Actual Results:  
The item you selected launches unexpectedly without any confirmation.

[[ B. History sidebar ]] <- All
1. Visit and open many pages to show scrollbar in history sidebar.
2. Type [Ctrl]+[H] or Click [View]-[Sidebar]-[History].
3. Click [View]-[By Last Visited].
4. Click to select one page from sidebar.
5. Double-click scroll up/down arrow button (small triangle) quickly.
Actual Results:  
The page you selected opens unexpectedly in current tab.

Expected Results:  
Nothing. Clicking or double-clicking scroll bar should just to scroll.
Confirmed on Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b)
Gecko/20030603 Mozilla Firebird/0.6

Not sure this is part of the Downloading component, the components aren't quite
as clear as in Browser.  As for the security concern, beside that its a bit of
an annoying bug and may indicate a flaw in how the sidebar was implemented in
Firebird.
Confirming using Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.4b)
Gecko/20030603 Mozilla Firebird/0.6

=> changing status to "new" since I didn't find an already filed bug report for
this. Not sure about the component, I'd see this more in "General" since no
component seems to fit 100%
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached patch proposed patchSplinter Review 

    
    

    
  
Comment on attachment 127355 [details] [diff] [review]
proposed patch

Blake, could you take a look at this?

This patch fixes bustage on double-clicking scrollbar.
I'm sure that this is some sort of security fix.
And very low risk to checking in.

        Attachment #127355 -
        Flags: review?(blaker)

    
  
Blocks: 212188

    
  

        Attachment #127355 -
        Flags: review?(blakeross)

    
    

    
  
checked in.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firebird0.7

    
    

    
  
Verified
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: