Closed Bug 1554975 Opened 6 years ago Closed 6 years ago

Fenix JavaScript modals should not block whole UI from being interactive

Categories

(Firefox for Android :: General, defect)

Product:
Firefox for Android
Component:
General
Platform:
Unspecified
Android
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: freddy, Unassigned)

References

Details

(Keywords: sec-low)

We've seen annoying websites spamming the user with prompt(), alert() or confirm() dialogs and ended up making them tab-modal, so the user could retain control of the user interface, switch tabs or just close the tab.

It appears that modal dialogs in Fenix block the user interface.

Note that if the page continue to show modal dialogs that the dialog will contain a checkbox to stop the page from showing more dialogs.

The alert dialogs have cancelable = true and also have the checkbox Sebastian mentions to prevent further alerts. This means the user can press anywhere outside the dialog to dismiss quickly and the next click will fall on the app's UI. If the site re-pops the dialog too quickly, it will contain an option to prevent further dialogs from appearing from this site.

Is this a sufficient resolution or do you have an example exploit test case we should handle better?

Flags: needinfo?(fbraun)

Thanks, I'd consider this fixed.

Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(fbraun)
Resolution: --- → FIXED
Group: mobile-core-security → core-security-release
Group: core-security-release
Component: Security: Android → General
OS: Unspecified → Android
See Also: → 1931857
You need to log in before you can comment on or make changes to this bug.