1336753 - Contextual Feedback on Insecure Passwords blocks fields when notificationbox appears

Status: RESOLVED DUPLICATE of bug 1329333

(Firefox :: Security, defect)

Description

[Adam Roach [:abr]]

Attachment: Screenshot of obscured input field

This relates to the feature implemented by bug 1217162.

STR:

1. Go to an insecure webpage containing a password field (e.g., http://www.w3schools.com/html/tryit.asp?filename=tryhtml_input_password)

2. Open the browser console

3. In the browser console, enter the following code:

> var box = gBrowser.getNotificationBox(); setTimeout(function(){box.appendNotification('banner','Example Banner','chrome://browser/skin/Info.png',box.PRIORITY_WARNING_MEDIUM, []);}, 5000);

4. Within 5 seconds, click on the username field. The contextual feedback should appear warning about insecure submission of passwords.

5. Wait for the notificationbox (yellow banner) to appear

6. Note that the username field has slid down, but the contextual feedback has not. The username field is now obscured and effectively impossible to use.

The attached screenshot illustrates the issue.

Comment 1

[Adam Roach [:abr]]

To help gauge severity: this situation arises organically whenever a page loads that moves the cursor to an input field by default, and then also performs some action -- such as activating a plugin that the user has set to ask for activation -- that causes a notificationbox to appear. Given the continuing prevalence of Flash on the web, this will probably annoy a significant number of users who have Flash set as "ask every time."

Comment 2

[Johann Hofmann [:johannh]]

While this behavior definitely isn't ideal and should be fixed, I think the fact that you can click outside and back into the field and the box will re-adjust itself makes it a little less severe.

Comment 3

[Matthew N. [:MattN]]

This is a dupe of bug 1329333 and others like it. Our implementation of autocomplete since e10s-ification unfortunately doesn't follow the field :(