1093634 - rss-content, displayed in thunderbird, makes firefox open a new tab

Status: RESOLVED DUPLICATE of bug 524281

(MailNews Core :: Feed Reader, defect)

Description

[bugblatterbeast]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141027150301

Steps to reproduce:

1. I had the firefox running (as my default browser).
2. I used thunderbird to display a newsfeed-item that embedded an iframe from "admized.com", containing a self-sending-form like this:

    <form name="test" method="post" action="http://annoying-ads.xyz/">
      <input type="hidden" name="something" value="identifier">
    </form>
    <script type="text/javascript" language="JavaScript">
<!--
document.test.submit();
//-->
    </script>

Since the problem occured only occasionally because the ads change, I've recreated it in this test-newsfeed:

http://www.bugblatterbeast.de/bn.xml

it contains just one news-item, that reassembles the critical part of the problem caused by admized.com. Please let me know, when you're finished testing with that.


Actual results:

A new tab opens in firefox with the target specified in the self-sending form. This happens all the time, when you're using the test-newsfeed and firefox is already running, when you open the newsfeed-item.


Expected results:

Nothing should happen, since javascript is deactivated in thunderbird.

Luckily this problem just affects rss-feed-items and doesn't work in html-emails, so I don't think it's a huge security-thread.

Comment 1

[bugblatterbeast]

some further info:

1. also happening on Ubuntu 14.4 with firefox 32.0.3 and thunderbird 31.1.2 (new profiles)
2. it does not have to be firefox, but any default browser
3. the browser does not have to be running as I thought before. it will start itself (at least in the cases, that I've checked on Ubuntu, Win7 and WinXP)
4. thunderbird stops rendering the content right after the code posted above (anything behind that, won't show)

I will attach the files I've used for the test-newsfeed on my domain, in case you prefer to setup the test yourself.

regards, bbb

Comment 2

[bugblatterbeast]

Attachment: a static rss-neewsfeed with one item

This is the test-newsfeed, containing a single item, that is pointing to bn1.html

Comment 3

[bugblatterbeast]

Attachment: html-source of the newsfeed-item, causing the trouble

This is the newsfeed-items html-source. It contains the code posted above. When displayed, it will make thunderbird open a new tab in the default web-browser.

Comment 4

[bugblatterbeast]

Attachment: a random target-page

Comment 5

[bugblatterbeast]

Comment on attachment 8516926 [details]
a static rss-neewsfeed with one item

source of bn.xml (most of the namespaces are not needed, I've just copied an pasted it):

<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
  <channel>
    <title>Bad News</title>
    <link>http://www.bugblatterbeast.de/bn.xml</link>
    <description>Test</description>
    <lastBuildDate>Sat, 1 Nov 2014 16:00:00 +0000</lastBuildDate>
    <language>en</language>
    <item>
      <title>strange tabs in firefox</title>
      <link>http://www.bugblatterbeast.de/bn1.html</link>
      <pubDate>Sat, 1 Nov 2014 18:00:00 +0000</pubDate>
      <dc:creator>bugblatterbeast</dc:creator>
      <description>
        <![CDATA[
          <p>This feed uses a self-sending-form to open a new tab in firefox.</p>
        ]]>
      </description>
      <content:encoded>
        <![CDATA[
          <p>...</p>
        ]]>
      </content:encoded>
    </item>
  </channel>
</rss>