Closed Bug 1271118 Opened 9 years ago Closed 6 years ago

Prevent from creating unlimited "Launch Application" and "Opening" external software prompts

Categories

(Firefox :: File Handling, defect, P3)

Product:
Firefox
Component:
File Handling
Platform:
x86_64
Windows 7
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 167475

People

(Reporter: Virtual, Unassigned)

Details

(Keywords: nightly-community)

We should prevent Firefox from creating unlimited "Launch Application" and "Opening" ("Open with" and "Save File") and other external software prompts to prevent some odd trap and prank websites pages hanging and making Firefox unresponsive and slow, even with e10s enabled. I think the good limit could be 10 or at least some less than 20.
Component: Document Navigation → Untriaged
Product: Core → Firefox
How is this different from bug 432687?
Bug #432687 is the meta bug now. What's more, I'm not seeing there any "Launch Application" and "Opening" ("Open with" and "Save File") and other external software prompts related stuff there. (from bug #432687 comment #0) > User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9b5) > Gecko/2008041515 Firefox/3.0b5 > Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9b5) > Gecko/2008041515 Firefox/3.0b5 > > There are javascript based websites that are traps which cause Firefox to > show nasty content and stop answering user requests. Firefox behavior in > these situations is really bad since it obey to the code and stop to listen > to the user, it's not possible to close, change the configuration, close the > tab or even exit Firefox! > > A good example is this website (WARNING, this website shows pornographic > content and you will not be able to close it without killing Firefox : > > www.mylazysundays.com > > Reproducible: Always > > Steps to Reproduce: > 1. > 2. > 3. > Actual Results: > Impossible to move/maximize/close the Firefox window, impossible to change > the website, impossible to close the tab and impossible to modify the > Firefox configuration. > > Expected Results: > Firefox should accept the user request to change the website or to close the > website, and should not accept javascript code which cause Firefox main > window to run on the screen and refuse the mouse. > > Even if it's javascript, it's a major issue that Firefox refuse any user > request in these conditions. There is no reason to justify the user losing > control over Firefox. > > Firefox should really give the possibility to the user to exit this webpage.
Component: Untriaged → File Handling
This seems to be a product requirement. @ Wesly, are we going to develop this feature while we enhance content handling?
Flags: needinfo?(wehuang)
Thanks William for query and no, I don't see this requirement being covered in our current UX spec. But this might be something to consider in the future. Ping UX people for comment. @Morpheus, please feel free to let us know your thought about this, thanks.
Flags: needinfo?(wehuang) → needinfo?(mochen)
After consulting with engineers, I also don't think we need to define this in the scope of Content Handling project. Instead, it might need to be considered by an overall UX design and consistent technical solution.
Flags: needinfo?(mochen)
Thanks Morpheus for the check, and I support the conclusion!
Set priority to P3. Put this bug to backlog.
Priority: -- → P3
Has Regression Range: --- → irrelevant
Has STR: --- → yes
Blocks: eviltraps
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Cleaning per duplicate.
No longer blocks: eviltraps, 1270444
Status: RESOLVED → VERIFIED
Keywords: csectype-dos, csectype-spoof, perf, topperf
You need to log in before you can comment on or make changes to this bug.