Closed
Bug 1450083
Opened 7 years ago
Closed 6 years ago
web page hijacks tabs and location bar
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
DUPLICATE
of bug 1445844
People
(Reporter: raysatiro, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
1.13 MB,
image/gif
|
Details |
malware fake tech support website in firefox.gif
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Steps to reproduce:
Firefox 61.0a1 (2018-03-29) (64-bit)
20180329100042
1. careful it's a malware / fake tech support page. http://207.246.92.127/ch/
2. hover the mouse over the page and the webpage takes over the mouse
3. try to move the mouse to the tabs or location bar, it is impossible and clicking on another tab actually opens another window and/or makes the current malware tab fullscreen (depends on the size of the window) and/or hideous beep making it very difficult to get out of if you don't know what you're doing
Actual results:
see repro step 3
Expected results:
websites should be contained to their tab, they shouldn't be able to take over.
I've attached an animated GIF showing what happens.
Chrome has the same issue, I filed at https://bugs.chromium.org/p/chromium/issues/detail?id=827259
|
||
Updated•7 years ago
|
Blocks: eviltraps
Has Regression Range: --- → irrelevant
Has STR: --- → yes
Component: Untriaged → DOM
Product: Firefox → Core
|
Reporter | |
Comment 1•7 years ago
|
||
The server at 207.246.92.127 is down now. I have a Fiddler capture from earlier today that I made using Chrome if you want to investigate further. See https://bugs.chromium.org/p/chromium/issues/detail?id=827259#c3
|
||
Comment 2•7 years ago
|
||
I don't really understand this. How is the site entering fullscreen? What is the user interaction they're using for this? The website should not get the click on the tab bar...
I haven't tried the capture so far, might be worth investigating.
|
||
Updated•6 years ago
|
Priority: -- → P5
|
|
Reporter | |
Updated•6 years ago
|
See Also: → CVE-2019-11695
this is indeed a duplicate of bug 1445844.
note the mouse cursor changes once the mouse is over the page's content; this is the page hijacking the cursor and replacing it with one that exceeds the content's bounds. when it appears that your cursor is over the tab, it's actually still over the content area so the click activates fullscreen.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
See Also: CVE-2019-11695 →
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•