Closed
Bug 381243
Opened 17 years ago
Closed 16 years ago
Adobe flash objects can receive keyboard input events, regardless of focus.
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: lepsmith, Unassigned)
References
()
Details
(Whiteboard: [sg:needinfo])
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 It appears that it is possible that Flash objects recieve input events, even though you might be looking at a completely different page. Reproducible: Always Steps to Reproduce: 1. Go to http://homestarrunner.com/trogdor.html 2. Start a new game, press space to pause. 3. Open a new tab, and go somewhere else (say google.com) 4. Press space, and (optionally) arrow keys and letters. Everything appears to be working. 5. Switch back to the game tab to see that the game has become unpaused, and that your character has moved. Actual Results: The game becomes unpaused and your character moves around. Expected Results: The game should remain paused, because the game should never see the keyboard input events while you are viewing a different page. Theoretically, this could be exploited to say, steal credit card numbers.
Reporter | ||
Comment 1•17 years ago
|
||
Oh, my flash version may be helpful. Here it is from about:plugins: File name: Flash Player Enabler.plugin Shockwave Flash 9.0 r19 File name: Flash Player.plugin Shockwave Flash 7.0 r24 Hmm... that's odd, apparently I have two versions of Flash floating around...
Comment 2•17 years ago
|
||
works for me on linux with flash 9 r31 and windows with flash 9 r45. Try removing your old flash installs and installing the latest to see if you can reproduce.
Reporter | ||
Comment 3•17 years ago
|
||
I removed the older flash version and updated to flash 9 r45, and the problem still exists. Apparently it's a mac-only problem. Also, I forgot to mention that Safari does not have this issue.
Updated•17 years ago
|
Component: Security → Plug-ins
Product: Firefox → Core
QA Contact: firefox → plugins
Comment 4•17 years ago
|
||
Are you still seeing this bug? I don't think I can reproduce it using Firefox trunk on Intel Mac OS X 10.4 with Flash 9,0,115,0. Can you be more specific in your steps to reproduce? Exactly what do you click on or press to open a new tab, etc?
Comment 5•16 years ago
|
||
Leon, can you retest using Firefox 3 or later? Do you still see this bug? dveditz thinks this might have been fixed by the switch from Carbon to Cocoa.
Comment 6•16 years ago
|
||
Related to http://secunia.com/advisories/12403/ ? I think we have a problem with Carbon-based plugins, but they're fixed in FF3
Updated•16 years ago
|
Whiteboard: [sg:needinfo]
Reporter | ||
Comment 7•16 years ago
|
||
Yes, it does appear to be fixed in FF3. I did not try the latest 2.0 version though.
Reporter | ||
Comment 8•16 years ago
|
||
The advisory Daniel linked to might be related. This problem did not appear when I opened the other website in a new window, it was specific to tabs.
Reporter | ||
Comment 9•16 years ago
|
||
Also, I observed this with PPC Macs. (And re-tested on a PPC Macintosh) I'm pretty sure I opened a tab with option-t, as I never click on the menu. I sort of doubt it would make a difference though, but I don't know. I didn't try it.
Updated•16 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•