Closed Bug 1437219 Opened 7 years ago Closed 6 years ago

Addressbar spoofing attack with using fullscreen (popup show up over fullscreen mode and hide the fullscreen notification)

Categories

(Firefox :: Address Bar, defect, P5)

60 Branch
x86_64
Windows 7
defect

Tracking

RESOLVED DUPLICATE of bug 1432856
Tracking Status
firefox60 --- affected

People

(Reporter: chromium.khalil, Unassigned)

References

Details

(Keywords: csectype-spoof, sec-low)

Attachments

(3 files)

This seems like a fullscreen bug. Firefox should not allow a popup to show over fullscreen, but Chrome doesn't allow it (fixed in https://bugs.chromium.org/p/chromium/issues/detail?id=752003).

Steps to repro:
1. Launch the test case
2. Click on 'Reload' button
3. Observe
Attached file PoC.rar
Summary: Addressbar spoofing attack with using fullscreen → Addressbar spoofing attack with using fullscreen (popup show up over fullscreen mode and hide the fullscreen notification)
Is this a dupe bug?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(dveditz)
The bug I was thinking of attempted the same thing (cover the fullscreen announcement) but using a different trick. At least, judging by your picture: I couldn't open the archive. If your PoC is multiple files please attach as a .zip or .tar.gz (that order of preference, with .zip highly preferred) and if it's a single file just attach it.
Flags: needinfo?(chromium.khalil)
See Also: → CVE-2021-38508
Attached file testcase.zip
Flags: needinfo?(chromium.khalil)
Shouldn't this be higher than "sec-low"?
Flags: needinfo?(dveditz)
The PoC doesn't quite work with the default fullscreen transition, but we don't do fullscreen transition on Linux (due to complexity of interaction with arbitrary window manager) and Windows without composition enabled (because you cannot animate the window opacity in that case). Despite that, I actually constructed a PoC which kinda works even with fullscreen transition, although the transition itself should give good warning that something may be happening. Anyway, this is probably a duplicate of bug 1432856, and I have a proposed solution there. Just need some time to implement...
Priority: -- → P5
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(dveditz)
Resolution: --- → DUPLICATE
No longer depends on: CVE-2020-6810
Group: firefox-core-security