Closed Bug 304124 Opened 19 years ago Closed 10 years ago

scripts can move content/UI offscreen

Categories

(Camino Graveyard :: General, defect)

All
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: jaas, Unassigned)

Details

(Whiteboard: not quite spoofing)

playing it safe, marking this as a security bug

Enter the following into the Camino URL bar:

javascript: window.resizeTo(2000,2000)

Notice the height is constrained, but the width can actually become 2000,
putting the right side of the window off the screen. This can hide content and
our security UI.

Looks like we don't implement ConstrainPosition() in nsCocoaWindow.mm
Camino doesn't use nsCocoaWindow.mm; we need to do this in Camino code.
I don't think this is quite so bad, since
1. we have a pref to not change the size/position of windows (is this on by
   default?)
2. the user can always click the green to resize the window back so that it
   fits on screen.
> 2. the user can always click the green to resize the window back so that it
>   fits on screen.

The concern is that users won't notice that the "real" status bar is off of the
screen while the web page shows something that looks like a status bar.

Blocks: 180747
Whiteboard: [sg:fix]
Whiteboard: [sg:fix] → [sg:low] spoof
Can we drop security status on this bug?
but the status bar is still visible, as is the yellow/non-yellow-ness of the url bar. i'm confused how they could hide the status bar.
Assignee: sfraser_bugs → joshmoz
CC'ing smorgan per request on #foxymonkies
(In reply to comment #3)
> The concern is that users won't notice that the "real" status bar is off of the
> screen while the web page shows something that looks like a status bar.

How is this possible with a constrained height?  Without a demonstration/explanation of how there could be a spoof here, I'm not seeing how this is a security issue as opposed to a minor annoyance.
I misunderstood the bug when I added comment 3.  Making public.
Group: security
Whiteboard: [sg:low] spoof → [sg:low] not quite spoofing
Setting this for 1.2, but if I've misunderstood the severity, please retarget.
QA Contact: general
Target Milestone: --- → Camino1.2
Whiteboard: [sg:low] not quite spoofing → not quite spoofing
Over to smorgan, I'm not going to be able to look into this and fix it or make a decision about it any time soon.
Assignee: joshmoz → stuart.morgan
Assignee: stuart.morgan → nobody
Target Milestone: Camino1.6 → ---
Hardware: PowerPC → All
This bug has been buried in the graveyard and has not been updated in over 5 years. It is probably safe to assume that it will never be fixed, so resolving as WONTFIX.

[Mass-change filter: graveyard-wontfix-2014-09-24]
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
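
The constraint discussed in this bug, as an added C++ example that is not Camino or Gecko code: a script-requested window frame is clamped on both axes so that chrome such as the status bar and URL bar stays on screen. The `Rect` type, the function names and the 1440x900 screen are assumptions made for illustration; `ConstrainHeightOnly` models the behaviour the reporter describes (height constrained, width not).

```cpp
#include <algorithm>
#include <cstdio>

// Hypothetical types and names for this example only.
struct Rect { int x, y, width, height; };

// Constructed sample screen: visible area of a 1440x900 display.
const Rect kSampleScreen = {0, 0, 1440, 900};

static int ClampInt(int v, int lo, int hi) { return std::max(lo, std::min(v, hi)); }

// True when every edge of the window lies inside the visible screen area.
bool IsFullyOnScreen(const Rect& w, const Rect& screen) {
    return w.x >= screen.x && w.y >= screen.y &&
           (long long)w.x + w.width <= (long long)screen.x + screen.width &&
           (long long)w.y + w.height <= (long long)screen.y + screen.height;
}

// Model of the reported behaviour: only the vertical axis is constrained,
// so a wide request pushes the right-hand side of the window offscreen.
Rect ConstrainHeightOnly(Rect r, const Rect& screen) {
    r.height = ClampInt(r.height, 1, screen.height);
    r.y = ClampInt(r.y, screen.y, screen.y + screen.height - r.height);
    return r;
}

// Constrain both axes: clamp the size to the screen first, then shift the
// origin so the right/bottom edges (and then left/top) are on screen.
Rect ConstrainToScreen(Rect r, const Rect& screen) {
    r.width = ClampInt(r.width, 1, screen.width);
    r.height = ClampInt(r.height, 1, screen.height);
    r.x = ClampInt(r.x, screen.x, screen.x + screen.width - r.width);
    r.y = ClampInt(r.y, screen.y, screen.y + screen.height - r.height);
    return r;
}

int main() {
    // Window at (100, 50) after a script asks for 2000x2000.
    Rect requested = {100, 50, 2000, 2000};
    Rect before = ConstrainHeightOnly(requested, kSampleScreen);
    Rect after = ConstrainToScreen(requested, kSampleScreen);
    std::printf("height only: %dx%d at (%d,%d) on screen: %d\n", before.width,
                before.height, before.x, before.y, IsFullyOnScreen(before, kSampleScreen));
    std::printf("both axes:   %dx%d at (%d,%d) on screen: %d\n", after.width,
                after.height, after.x, after.y, IsFullyOnScreen(after, kSampleScreen));
    return 0;
}
```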