1174144 - Wrong doorhanger offset for some tablets

Status: RESOLVED INCOMPLETE

(Firefox for Android Graveyard :: General, defect)

Description

[Flaviu Cos]

Attachment: Screenshot: Asus Transformer Pad running 4.2.1 has extra space above doorhanger

Environment: 
Device: Asus Transformer Pad (Android 4.2.1);
Build: Nightly 41.0a1 (2015-06-12);

Steps to reproduce:
1. Go to facebook.com;
2. Fill the username and password;
3. Zoom in and scroll down to hide the URL bar;
4. Submit login.

Expected result:
The password doorhanger appears right under the URL bar.

Actual result:
There is a space between the URL bar and the doorhanger.

Notes:
Please check the attached screenshot.

Comment 1

[:Margaret Leibovic]

Chenxia, can you investigate?

Comment 2

[Chenxia Liu [:liuche]]

Ugh, was this not fixed by bug 1159696?

Comment 4

[Chenxia Liu [:liuche]]

Attachment: Screenshot: Nexus 7 5.1.1 overlaps animating dynamic toolbar

Doorhanger offset problems are also seen on a Nexus 7 running Android 5.1.1.

Comment 5

[:Margaret Leibovic]

Does this affect 39 as well? It's probably too late for that, but it would be good to know where this issue started.

Comment 6

[Chenxia Liu [:liuche]]

This is 40+ only, and landed in bug 1139551.

Flaviu, Teodora - will you be bringing devices to whistler next week, and would that include these two devecs? I don't have these devices to test on (though I could upgrade our Nexus 7) and fixing this bug involves a bunch of trial and error for determining values that are specific to these devices :/

Comment 7

[Teodora Vermesan (:TeoVermesan)]

We weren't invited to whistler, but Ioana can bring the Nexus 7 (Android 5.1.1) with her, if that's ok.

Comment 8

[Chenxia Liu [:liuche]]

Attachment: Screenshot: Doorhanger pushed up by keyboard

I can't seem to repro this on the Nexus 7 - there's a case where if the keyboard is still up, the doorhanger gets pushed up, but upon dismissing the keyboard, the doorhanger comes back down.

What is the STR for this? Is there a keyboard involved?

Comment 9

[Flaviu Cos]

(In reply to Chenxia Liu [:liuche] from comment #8)
> 
> What is the STR for this? Is there a keyboard involved?

On Asus Transformer device doesn't matter if the keyboard is displayed or not. The doorhanger is displayed at wrong position as long as the URL bar is hidden while the doornahger is triggered.

Comment 10

[Chenxia Liu [:liuche]]

This is a security bug, because the doorhanger doesn't overlap with the urlbar, so a page could spoof our doorhanger, and trick a user into typing in their username/password.

Comment 11

[:Margaret Leibovic]

I think this should actually belong in the security group, not the moco confidential group. Maybe dveditz can help us set that (I don't see a way to do that myself).

Comment 12

[Teodora Vermesan (:TeoVermesan)]

I can reproduce Bug 1174142 - The Password Doorhanger overlaps half of the URL Bar if the URL Bar is hidden when signing in, on Firefox for Android 41.0a2 (2015-06-30). Please take a look at the following video:
https://www.youtube.com/watch?v=Sc194SYkUFA

Comment 13

[Teodora Vermesan (:TeoVermesan)]

Another issue I found while testing:
STR:
1. Go to facebook.com
2. Tap the username text area => the VKB appears
3. Tap the grey lock => the Site Identity Doorhanger overlaps the URL Bar. (http://i.imgur.com/hrEQHNq.png)
Is it the same issue?

Comment 14

[Chenxia Liu [:liuche]]

Teodora, would you let me know what device and version of Android this is on?

Comment 15

[Teodora Vermesan (:TeoVermesan)]

LG Nexus 4 (Android 5.1.1)

Comment 16

[Daniel Veditz [:dveditz]]

Don't think this needs to be hidden as it's already a known spoofing risk to have the doorhangers not overlapping the browser chrome. Overlapping too much isn't a security problem at all, just ugly.

Is it not possible on Android to have the little pointy tip that the desktop doorhangers do? That's a visual clue that the overlap is on purpose and also lets you not have to cover up as much while proving the doorhanger is legit browser UI and not page-generated. The current Android square overlap almost just looks like it's misplaced, and people might not notice its absence (e.g. a spoof page with a fake doorhanger abutting the top, 0 overlap).

Comment 17

[Chenxia Liu [:liuche]]

Daniel, we used to have the pointy arrow tip, but as a recent design choice, decided to remove it because 1) design-wise we wanted to be more consistent with Android's styling (Material Design), and 2) maintaining the arrow required a lot of messy calculations, hacky visuals, and was the source of many, many bugs.

That's a good point though, that the overlap is very small, and users might not notice if it was being spoofed.

Comment 18

[Chenxia Liu [:liuche]]

I've gotten a device now, but need to figure out a way to flash it to 4.2.1 so I can fix the offsets for this device + Android version. Google provides Android OS images for Nexus devices, but I'm not sure how to find an 4.2 image for this device.

Flaviu, do you have an Android 4.2 ROM for the Transformer that I could get and flash onto this device? There are various ROMs from xda but they look like versions someone hacked to work on this device.

Comment 19

[Flaviu Cos]

(In reply to Chenxia Liu [:liuche] from comment #18)
> I've gotten a device now, but need to figure out a way to flash it to 4.2.1
> so I can fix the offsets for this device + Android version. Google provides
> Android OS images for Nexus devices, but I'm not sure how to find an 4.2
> image for this device.
> 
> Flaviu, do you have an Android 4.2 ROM for the Transformer that I could get
> and flash onto this device? There are various ROMs from xda but they look
> like versions someone hacked to work on this device.

I don't have a ROM because my device got the update OTA.
If you have the Asus Transformer Pad TF300T it should get official Android 4.2.1 by OTA.
The older model TF101 does only have Android 4.0.3.

Comment 20

[Chenxia Liu [:liuche]]

Do you have access to the number of users on this specific device, the TF300T? (I'm not sure if it is present on other versions of Android, so while it could be useful to know the Android version, it probably won't be that helpful.)

Comment 21

[Brad Lassey [:blassey] (use needinfo?)]

we currently have 227,436 installs on those tablets (note: there are 4 flavors of the TF300T)

Comment 22

[Chenxia Liu [:liuche]]

I've ordered a device, it should come in this week.

Comment 23

[Chenxia Liu [:liuche]]

I tried this on a TF300T running 4.2.1 and can't repro this on Nightly - are you still seeing it, Flaviu?

Comment 24

[Flaviu Cos]

Attachment: doorhanger offset.png

I can still reproduce the issue on Asus Transformer TF300T running Android 4.2.1 on latest Nihghtly (2015-09-23).

Comment 25

[BMO Automation]

We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.