Closed Bug 1490656 Opened 7 years ago Closed 7 years ago

fullscreen notification spoof

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1437219

People

(Reporter: ma7h1as.l, Unassigned)

Details

Attachments

(1 file)

ff_overlay.jpg 7 years ago mathiaswu 21.28 KB, image/jpeg		Details

mathiaswu

Reporter

Description

•

7 years ago

Attached image ff_overlay.jpg — Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 Firefox for Android Steps to reproduce: online demo: http://f.3cm.me/r/ff_fullscreen.html attacker could use this to overlay the security notification and draw a fake addressbar on the top. Actual results: see ff_overlay.jpg , the fullscreen notification is overlaid. Expected results: when call window.open , window.focus function , should kick its opener out of fullscreen mode. fixed issue in chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=752003 https://bugs.chromium.org/p/chromium/issues/detail?id=776418

:Gijs (he/him)

Updated

•

7 years ago

Status: UNCONFIRMED → RESOLVED

Closed: 7 years ago

Resolution: --- → DUPLICATE

Daniel Veditz [:dveditz]

Updated

•

3 years ago

Group: firefox-core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

fullscreen notification spoof

Categories

(Firefox :: Untriaged, defect)

Tracking

()

People

(Reporter: ma7h1as.l, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Updated

Attachment

General

Description

File Name

Content Type