Closed
Bug 1174144
Opened 9 years ago
Closed 3 years ago
Wrong doorhanger offset for some tablets
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox40 affected, firefox41 affected, firefox42 affected, firefox43 affected, firefox44 affected, firefox45 affected, firefox46 affected, fennec-)
People
(Reporter: cos_flaviu, Assigned: liuche)
References
Details
(Keywords: csectype-spoof, sec-low)
Attachments
(4 files)
Environment: Device: Asus Transformer Pad (Android 4.2.1); Build: Nightly 41.0a1 (2015-06-12); Steps to reproduce: 1. Go to facebook.com; 2. Fill the username and password; 3. Zoom in and scroll down to hide the URL bar; 4. Submit login. Expected result: The password doorhanger appears right under the URL bar. Actual result: There is a space between the URL bar and the doorhanger. Notes: Please check the attached screenshot.
Comment 1•9 years ago
|
||
Chenxia, can you investigate?
Assignee: nobody → liuche
tracking-fennec: --- → ?
Flags: needinfo?(liuche)
Assignee | ||
Comment 4•9 years ago
|
||
Doorhanger offset problems are also seen on a Nexus 7 running Android 5.1.1.
Assignee | ||
Updated•9 years ago
|
Attachment #8621556 -
Attachment description: doorhanger.png → Screenshot: Extra doorhanger space on Asus Transformer Pad running 4.2.1
Assignee | ||
Updated•9 years ago
|
Attachment #8621556 -
Attachment description: Screenshot: Extra doorhanger space on Asus Transformer Pad running 4.2.1 → Screenshot: Asus Transformer Pad running 4.2.1 has extra space above doorhanger
Assignee | ||
Updated•9 years ago
|
Summary: Space between doorhanger and URL bar → Wrong doorhanger offset for some tablets
Assignee | ||
Updated•9 years ago
|
Blocks: doorhanger-v2
Updated•9 years ago
|
tracking-fennec: ? → 40+
Comment 5•9 years ago
|
||
Does this affect 39 as well? It's probably too late for that, but it would be good to know where this issue started.
Flags: needinfo?(liuche)
Assignee | ||
Comment 6•9 years ago
|
||
This is 40+ only, and landed in bug 1139551. Flaviu, Teodora - will you be bringing devices to whistler next week, and would that include these two devecs? I don't have these devices to test on (though I could upgrade our Nexus 7) and fixing this bug involves a bunch of trial and error for determining values that are specific to these devices :/
Flags: needinfo?(teodora.vermesan)
Flags: needinfo?(liuche)
Flags: needinfo?(flaviu.cos)
Comment 7•9 years ago
|
||
We weren't invited to whistler, but Ioana can bring the Nexus 7 (Android 5.1.1) with her, if that's ok.
Flags: needinfo?(teodora.vermesan)
Flags: needinfo?(flaviu.cos)
Assignee | ||
Comment 8•9 years ago
|
||
I can't seem to repro this on the Nexus 7 - there's a case where if the keyboard is still up, the doorhanger gets pushed up, but upon dismissing the keyboard, the doorhanger comes back down. What is the STR for this? Is there a keyboard involved?
Flags: needinfo?(teodora.vermesan)
Flags: needinfo?(flaviu.cos)
Reporter | ||
Comment 9•9 years ago
|
||
(In reply to Chenxia Liu [:liuche] from comment #8) > > What is the STR for this? Is there a keyboard involved? On Asus Transformer device doesn't matter if the keyboard is displayed or not. The doorhanger is displayed at wrong position as long as the URL bar is hidden while the doornahger is triggered.
Flags: needinfo?(flaviu.cos)
Assignee | ||
Comment 10•9 years ago
|
||
This is a security bug, because the doorhanger doesn't overlap with the urlbar, so a page could spoof our doorhanger, and trick a user into typing in their username/password.
Group: mozilla-employee-confidential
Comment 11•9 years ago
|
||
I think this should actually belong in the security group, not the moco confidential group. Maybe dveditz can help us set that (I don't see a way to do that myself).
Flags: needinfo?(dveditz)
Updated•9 years ago
|
Group: mozilla-employee-confidential → core-security
Flags: needinfo?(dveditz)
Comment 12•9 years ago
|
||
I can reproduce Bug 1174142 - The Password Doorhanger overlaps half of the URL Bar if the URL Bar is hidden when signing in, on Firefox for Android 41.0a2 (2015-06-30). Please take a look at the following video: https://www.youtube.com/watch?v=Sc194SYkUFA
Flags: needinfo?(teodora.vermesan)
Comment 13•9 years ago
|
||
Another issue I found while testing: STR: 1. Go to facebook.com 2. Tap the username text area => the VKB appears 3. Tap the grey lock => the Site Identity Doorhanger overlaps the URL Bar. (http://i.imgur.com/hrEQHNq.png) Is it the same issue?
Flags: needinfo?(liuche)
Assignee | ||
Comment 14•9 years ago
|
||
Teodora, would you let me know what device and version of Android this is on?
Flags: needinfo?(liuche)
Assignee | ||
Updated•9 years ago
|
Flags: needinfo?(teodora.vermesan)
Comment 16•9 years ago
|
||
Don't think this needs to be hidden as it's already a known spoofing risk to have the doorhangers not overlapping the browser chrome. Overlapping too much isn't a security problem at all, just ugly. Is it not possible on Android to have the little pointy tip that the desktop doorhangers do? That's a visual clue that the overlap is on purpose and also lets you not have to cover up as much while proving the doorhanger is legit browser UI and not page-generated. The current Android square overlap almost just looks like it's misplaced, and people might not notice its absence (e.g. a spoof page with a fake doorhanger abutting the top, 0 overlap).
Group: core-security
Keywords: csectype-spoof,
sec-low
Assignee | ||
Comment 17•9 years ago
|
||
Daniel, we used to have the pointy arrow tip, but as a recent design choice, decided to remove it because 1) design-wise we wanted to be more consistent with Android's styling (Material Design), and 2) maintaining the arrow required a lot of messy calculations, hacky visuals, and was the source of many, many bugs. That's a good point though, that the overlap is very small, and users might not notice if it was being spoofed.
Assignee | ||
Comment 18•9 years ago
|
||
I've gotten a device now, but need to figure out a way to flash it to 4.2.1 so I can fix the offsets for this device + Android version. Google provides Android OS images for Nexus devices, but I'm not sure how to find an 4.2 image for this device. Flaviu, do you have an Android 4.2 ROM for the Transformer that I could get and flash onto this device? There are various ROMs from xda but they look like versions someone hacked to work on this device.
Assignee | ||
Updated•9 years ago
|
Flags: needinfo?(flaviu.cos)
Reporter | ||
Comment 19•9 years ago
|
||
(In reply to Chenxia Liu [:liuche] from comment #18) > I've gotten a device now, but need to figure out a way to flash it to 4.2.1 > so I can fix the offsets for this device + Android version. Google provides > Android OS images for Nexus devices, but I'm not sure how to find an 4.2 > image for this device. > > Flaviu, do you have an Android 4.2 ROM for the Transformer that I could get > and flash onto this device? There are various ROMs from xda but they look > like versions someone hacked to work on this device. I don't have a ROM because my device got the update OTA. If you have the Asus Transformer Pad TF300T it should get official Android 4.2.1 by OTA. The older model TF101 does only have Android 4.0.3.
Flags: needinfo?(flaviu.cos)
Assignee | ||
Comment 20•9 years ago
|
||
Do you have access to the number of users on this specific device, the TF300T? (I'm not sure if it is present on other versions of Android, so while it could be useful to know the Android version, it probably won't be that helpful.)
Flags: needinfo?(blassey.bugs)
Comment 21•9 years ago
|
||
we currently have 227,436 installs on those tablets (note: there are 4 flavors of the TF300T)
Flags: needinfo?(blassey.bugs)
Assignee | ||
Comment 22•9 years ago
|
||
I've ordered a device, it should come in this week.
Updated•9 years ago
|
tracking-fennec: 40+ → -
Reporter | ||
Updated•9 years ago
|
status-firefox42:
--- → affected
Assignee | ||
Comment 23•9 years ago
|
||
I tried this on a TF300T running 4.2.1 and can't repro this on Nightly - are you still seeing it, Flaviu?
Flags: needinfo?(flaviu.cos)
Reporter | ||
Comment 24•9 years ago
|
||
I can still reproduce the issue on Asus Transformer TF300T running Android 4.2.1 on latest Nihghtly (2015-09-23).
Flags: needinfo?(flaviu.cos)
Reporter | ||
Updated•9 years ago
|
status-firefox43:
--- → affected
status-firefox44:
--- → affected
Reporter | ||
Updated•9 years ago
|
status-firefox45:
--- → affected
Reporter | ||
Updated•8 years ago
|
status-firefox46:
--- → affected
Comment 25•3 years ago
|
||
We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•