Closed Bug 1450083 Opened 2 years ago Closed Last year

web page hijacks tabs and location bar

Categories: Core :: DOM: Core & HTML, defect, P5

Status: RESOLVED DUPLICATE of bug 1445844

Reporter: raysatiro (Unassigned)

References: Blocks 1 open bug

Attachments: 1 file

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Steps to reproduce:

Firefox 61.0a1 (2018-03-29) (64-bit)
20180329100042

1. Careful, it's a malware / fake tech support page: http://207.246.92.127/ch/
2. Hover the mouse over the page and the webpage takes over the mouse.
3. Try to move the mouse to the tabs or location bar; it is impossible, and clicking on another tab actually opens another window and/or makes the current malware tab fullscreen (depends on the size of the window) and/or a hideous beep, making it very difficult to get out of if you don't know what you're doing.


Actual results:

see repro step 3


Expected results:

websites should be contained to their tab, they shouldn't be able to take over.

I've attached an animated GIF showing what happens.

Chrome has the same issue, I filed at https://bugs.chromium.org/p/chromium/issues/detail?id=827259
Blocks: eviltraps
Has Regression Range: --- → irrelevant
Has STR: --- → yes
Component: Untriaged → DOM
Product: Firefox → Core
The server at 207.246.92.127 is down now. I have a Fiddler capture from earlier today that I made using Chrome if you want to investigate further. See https://bugs.chromium.org/p/chromium/issues/detail?id=827259#c3
I don't really understand this. How is the site entering fullscreen? What is the user interaction they're using for this? The website should not get the click on the tab bar...

I haven't tried the capture so far, might be worth investigating.
Priority: -- → P5
See Also: → CVE-2019-11695
This is indeed a duplicate of bug 1445844.

Note the mouse cursor changes once the mouse is over the page's content; this is the page hijacking the cursor and replacing it with one that exceeds the content's bounds. When it appears that your cursor is over the tab, it's actually still over the content area, so the click activates fullscreen.
Status: UNCONFIRMED → RESOLVED
Closed: Last year
Resolution: --- → DUPLICATE
See Also: CVE-2019-11695
Duplicate of bug: CVE-2019-11695
Component: DOM → DOM: Core & HTML
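
The geometry described in the closing comment, worked through as an added example (not code from Firefox, Chromium, or this bug): it shows why a click that appears to be on the tab strip is delivered to the page, and one possible containment check that falls back to the default cursor. The layout, cursor dimensions, and all function names are constructed assumptions.

```javascript
// Added illustration, not Firefox or Chromium code; all names are hypothetical.
// Coordinates are window-relative CSS pixels with y growing downward.

// Constructed sample layout: tab strip and location bar occupy the top 90px.
const CONTENT_AREA = { left: 0, top: 90, right: 1280, bottom: 800 };

// Constructed sample cursor: a large, mostly transparent image whose drawn
// arrow tip sits far from the hotspot (the point that receives the click).
const OVERSIZED = { width: 256, height: 256, hotspotX: 128, hotspotY: 200,
                    arrowX: 128, arrowY: 20 };
const SMALL = { width: 32, height: 32, hotspotX: 0, hotspotY: 0, arrowX: 0, arrowY: 0 };

const contains = (r, p) =>
  p.x >= r.left && p.x < r.right && p.y >= r.top && p.y < r.bottom;

// Rectangle the cursor image paints when the real pointer is at `pointer`.
function paintRect(pointer, cursor) {
  const left = pointer.x - cursor.hotspotX;
  const top = pointer.y - cursor.hotspotY;
  return { left, top, right: left + cursor.width, bottom: top + cursor.height };
}

// Where the user believes the pointer is: the drawn arrow tip.
function perceivedPointer(pointer, cursor) {
  const r = paintRect(pointer, cursor);
  return { x: r.left + cursor.arrowX, y: r.top + cursor.arrowY };
}

// Containment check: honour the page's cursor only if every painted pixel
// stays inside the content area; otherwise draw the default cursor.
function chooseCursor(pointer, cursor, content = CONTENT_AREA) {
  if (!contains(content, pointer)) return "default";
  const r = paintRect(pointer, cursor);
  const fits = r.left >= content.left && r.top >= content.top &&
               r.right <= content.right && r.bottom <= content.bottom;
  return fits ? "custom" : "default";
}

// The click lands wherever the real pointer (hotspot) is, not the drawn arrow.
function clickTarget(pointer, content = CONTENT_AREA) {
  return contains(content, pointer) ? "page content" : "browser UI";
}
```

With the real pointer at (400, 250), the oversized cursor draws its arrow at (400, 70), inside the 90px of browser UI, while the click still goes to the page; the containment check rejects that cursor at this position and accepts it only where the whole image fits inside the content area.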