Closed Bug 152073 Opened 23 years ago Closed 23 years ago

Popup windows can be opened automatically despite disabling open during load

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 144726

People

(Reporter: bugspam, Assigned: security-bugs)

References

(
URL
)

Details

The page at http://www.youmustbejoking.demon.co.uk/formpopup.html shows how a popup window (or two) can be opened despite Mozilla being configured to disable window.open() while loading a page. It seems to me that MANY windows can be opened in this way, potentially using up the machine's memory; if you reload the first popup window in my sequence, it'll create a third popup with the same content as the second. From here to memory exhaustion is but a simple step; a small change to the HTML. I suggest that, for when a page is being loaded, EITHER a pref be added to control whether form submission should be disabled OR the existing disable-open() pref should be extended to cover this. [I'm using Mozilla 1.0.0-1 (Debian unstable); however, I do not believe that this issue is specific to this version.]
hmm.. wfm 2002061304 linux.. didn't see any popups
In your test you don't use window.open, you are just using a target to open the new window, and the second window is opened again by using submit in another form. You can disable this effect by changing the "open a link in a new window" preference.
> You can disable this effect by changing the "open a link in a new window" > preference. This is true, but instead of opening popups, the window content is replaced. Now imagine that you're visiting some site which uses forms in this way to create popup adverts... whoops, where's the site content?
*** This bug has been marked as a duplicate of 144726 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.