Closed
Bug 1437219
Opened 7 years ago
Closed 6 years ago
Addressbar spoofing attack with using fullscreen (popup show up over fullscreen mode and hide the fullscreen notification)
Categories
(Firefox :: Address Bar, defect, P5)
Tracking
()
RESOLVED
DUPLICATE
of bug 1432856
Tracking | Status | |
---|---|---|
firefox60 | --- | affected |
People
(Reporter: chromium.khalil, Unassigned)
References
Details
(Keywords: csectype-spoof, sec-low)
Attachments
(3 files)
this seems like this is a fullscreen bug, Firefox should not allow to show a popup over fullscreen, but Chrome doesn't allow (fixed in https://bugs.chromium.org/p/chromium/issues/detail?id=752003).
Steps to repro:
1. Lunch the test case
2. Click on 'Reload' button
3. Observe
Reporter | ||
Comment 1•7 years ago
|
||
Reporter | ||
Updated•7 years ago
|
Summary: Addressbar spoofing attack with using fullscreen → Addressbar spoofing attack with using fullscreen (popup show up over fullscreen mode and hide the fullscreen notification)
Comment hidden (obsolete) |
Reporter | ||
Comment 3•7 years ago
|
||
Is this a dupe bug?
Updated•7 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(dveditz)
Keywords: csectype-spoof,
sec-low
Comment 4•7 years ago
|
||
The bug I was thinking of attempted the same thing (cover the fullscreen announcement) but using a different trick. At least, judging by your picture: I couldn't open the archive. If your PoC is multiple files please attach as a .zip or .tar.gz (that order of preference, with .zip highly preferred) and if it's a single file just attach it.
Flags: needinfo?(chromium.khalil)
See Also: → CVE-2021-38508
Reporter | ||
Comment 5•7 years ago
|
||
Flags: needinfo?(chromium.khalil)
Reporter | ||
Updated•7 years ago
|
Comment 7•7 years ago
|
||
The poc doesn't quite work with the default fullscreen transition, but we don't do fullscreen transition on Linux (due to complexity of interaction with arbitrary window manager) and Windows without composition enabled (because you cannot animating the window opacity in that case).
Despite that, I actually constructed a PoC which kinda works even with fullscreen transition, although the transition itself should put good warning that something may be happening.
Anyway, this is probably a duplicate of bug 1432856, and I have a proposed solution there. Just need some time to implement...
Updated•7 years ago
|
Depends on: CVE-2020-6810
Updated•7 years ago
|
Priority: -- → P5
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(dveditz)
Resolution: --- → DUPLICATE
Updated•6 years ago
|
No longer depends on: CVE-2020-6810
Updated•2 years ago
|
Group: firefox-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•