Closed Bug 451622 Opened 16 years ago Closed 14 years ago

Modal dialogue box on invalid URL

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: mart0258, Unassigned)

References

()

Details

(Whiteboard: [CLOSEME 2010-11-01])

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

Attempting to visit the url "place:blank" a modal dialogue box appears with the message "Firefox doesn't know how to open this address, because the protocol (place) isn't associated with any program".

This dialogue box can be used to prevent access to the browser window via malicious Javascript (see bug 61098).  


Reproducible: Always

Steps to Reproduce:
1. Enter the URL into the address bar.
2. Or, as an alternative, create a Javascript loop that sets window.location = "place:blank".  Since an exception is thrown, you will need to use a try-catch block.   Be advised that this will stop the window from working. 

Actual Results:  
Modal dialogue box appears.  Note, however, that the dialogue box doesn't get titled [Javascript Application] as does get done with the alert() function.  

Expected Results:  
Results should match when trying to visit http://www.invalid.invalid/ - a non-modal message appears within the browser pane.
This is an example application that demonstrates a potential DoS attack for Firefox.  This will only temporarly lock the browser window until all 25 dialogue boxes are cleared - malicious webpages could potentially cause an infinite loop.
This is a mass search for bugs which are in the Firefox General component, are
UNCO, have not been changed for 500 days and have an unspecified version. 

Reporter, can you please update to Firefox 3.6.10 or later, create a fresh profile, http://support.mozilla.com/en-US/kb/managing+profiles, and test again. If you still see the issue, please update this bug. If the issue is gone, please set the status to RESOLVED > WORKSFORME.
Whiteboard: [CLOSEME 2010-11-01]
No reply from reporter, INCOMPLETE. Please retest with Firefox 3.6.12 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: