Closed Bug 1317242 (CVE-2017-7770) Opened 3 years ago Closed 3 years ago
Location Bar Spoofing Risk using the Fullscreen mode and a new tab loaded using the alert()
This is reproducible in all release channels.
This is what it looks like on my phone.
@snorp: My guess is that this is more platform-y, what do you think? Otherwise someone from the Taipei team could investigate.
Actually this looks a lot like the same issue as bug 1319366: Clicking a link while in full-screen mode using Google slides makes the navigation bar go black.
Yeah I think this is basically a frontend bug, similar to 1319366 as Sebastian said.
tracking-fennec: ? → 53+
Hey Nevin. This security bug looks like it is the same problem as bug 1319366. If you find a solution for bug 1319366 then can you check whether this one here is fixed too?
Assignee: nobody → cnevinchen
Suggest closing this bug since bug 1319366 has landed.
Can you test if this is fixed for the steps in comment 0? If so then let's close it.
It looks fixed to me. So I'll close this bug.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1319366
Be extremely careful about marking security bugs as duplicates! This will almost completely hide the fact that a security bug was fixed which means at the very least:
- QA never verifies the security fix
- no advisories are written
- no CVE is assigned
- reporter gets no credit, and might even miss out on the bounty itself if no one notices
- no testcase for the security bug gets added to the tree

This is essentially absolute when the duplicate is a non-security bug. Mark the security bug "depends on" the other bug and call it FIXED.

If the proposed duplicate is a security bug is it really the same? If the primary bug is in any way of a larger scope or has a different testcase then it's not a duplicate, it's a "depends on" relationship.
Depends on: 1319366
Resolution: DUPLICATE → FIXED
Whiteboard: fixed by bug 1319366
Hi Daniel, Al. Got it. Thank you! May I know if there's anything I can do now?
No, nothing to do. I only set needinfo? to make sure you saw the comment. :-)