Block the fullscreen notification on Android using download popups
Categories
(Fenix :: General, defect, P2)
Tracking
(firefox109 wontfix, firefox110 wontfix, firefox111+ fixed)
People
(Reporter: haxatron1, Assigned: petru)
References
Details
(Keywords: sec-high, Whiteboard: [reporter-external] [client-bounty-form] [verif?][adv-main111+])
Attachments
(12 files, 6 obsolete files)
|
349 bytes,
text/html
|
Details | |
|
846.88 KB,
video/mp4
|
Details | |
|
5.29 MB,
video/mp4
|
Details | |
|
7.51 KB,
patch
|
jonalmeida
:
review+
tjr
:
sec-approval+
|
Details | Diff | Splinter Review |
|
22.24 KB,
patch
|
jonalmeida
:
review+
tjr
:
sec-approval+
|
Details | Diff | Splinter Review |
|
43.97 KB,
patch
|
jonalmeida
:
review+
tjr
:
sec-approval+
|
Details | Diff | Splinter Review |
|
7.18 KB,
patch
|
jonalmeida
:
review+
tjr
:
sec-approval+
|
Details | Diff | Splinter Review |
|
14.71 KB,
patch
|
jonalmeida
:
review+
tjr
:
sec-approval+
|
Details | Diff | Splinter Review |
|
22.24 KB,
patch
|
jonalmeida
:
review+
tjr
:
sec-approval+
|
Details | Diff | Splinter Review |
|
50 bytes,
text/x-github-pull-request
|
Details | Review | |
|
58 bytes,
text/x-github-pull-request
|
Details | Review | |
|
344 bytes,
text/plain
|
Details |
When entering fullscreen, the fullscreen notification is essential to warn users that they are entering fullscreen on the site to prevent spoofing attacks as the fullscreen mode lacks the omnibox. See https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29914 for instance.
It is possible to block the fullscreen notification on Firefox by using download popups.
REPRODUCTION STEPS (Tested on Firefox 103.2.0 on Android) :
- Open the file below on Firefox on Android (with the omnibox at the bottom, which seems to be the default for me.)
- Click on the button, the download popup will appear below which will block the fullscreen notification which will also appear at the bottom
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
Assignee | |
Comment 4•2 years ago
|
||
https://github.com/mozilla-mobile/android-components/pull/12971 and https://github.com/mozilla-mobile/fenix/pull/27454 will ensure that the snackbar is always placed on top of the download dialogs.
|
||
Comment 5•2 years ago
|
||
|
||
Updated•2 years ago
|
|
|
||
Comment 6•2 years ago
|
||
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Comment 7•2 years ago
|
||
Patch 1 of the proposed AC changes
The snackbar is placed depending on the toolbar so the relation should be
reversed. The toolbar should not know about and control the snackbar.
There could be other siblings that the snackbar wants to position itself by
and so removing this responsability from BrowserToolbarBehavior will help
better support current and future flows.
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
|
|
Assignee | |
Comment 10•2 years ago
|
||
Patch 1 of the proposed Fenix changes.
Control the snackbar positioning from Fenix.
Previously Android-Components - BrowserToolbarBehavior would be responsible
for positioning the snackbar above the toolbar.
With that responsibility removed we can handle in Fenix positioning the
snackbar depending on the toolbar and many more cases - like positioning it
depending on the download dialogs.
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
|
|
Assignee | |
Comment 13•2 years ago
|
||
Christian noticed that these patches should've been first posted privately to Bugzilla for review and security approval.
Cleaned the changes from the public repos and posted the patches here.
The general direction taken is to place the snackbar above the download dialogs so that no information is lost.
|
|
Assignee | |
Comment 14•1 year ago
|
||
Patch 2 of the proposed Fenix changes
Show the download dialog as an Android View
Tried to mimic the UX of a modal dialog while using Android Views.
This meant including a scrim that would consume all touches and theming the
navigation bar and status bar.
Avoiding a dialog and a separate window will allow the snackbar to see the
new "dialog" as a sibling in a CoordinatorLayout parent and so be able to
position itself based on the new "dialog".
This patch also added "start_download_dialog_layout" from A-C as it leads to
simpler and less code needed to style the layout - colors / shapes with
everything happening in XML versus calculating the values then setting them
programatically.
|
|
Assignee | |
Comment 15•1 year ago
|
||
Patch 3 of the proposed Fenix changes.
Show the 3rd party download dialog as an Android View
This uses the same direction as the before patch - inflating a new View that
can then serve as an anchor for the Snackbar.
Here we could use directly the AC layout as it needed no special customization.
|
|
Assignee | |
Comment 16•1 year ago
|
||
Patch 2 of the proposed AC changes.
Allow a custom View for first party downloads.
This will allow clients easily implement their own UI.
|
|
Assignee | |
Comment 17•1 year ago
|
||
Patch 3 of the proposed AC changes.
Allow a custom view for 3rd party downloads.
This will allow clients easily implement their own UI.
|
|
Assignee | |
Comment 18•1 year ago
|
||
Saw there were some issues with the initially exported patches. Updated them now.
|
|
||
Updated•1 year ago
|
|
|
||
Comment 19•1 year ago
|
||
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Comment 20•1 year ago
|
||
I reviewed and tested all the patches locally - they work well - thanks! I tested rotation as well and the snack bar persists above it as well.
|
|
Assignee | |
Comment 21•1 year ago
|
||
Comment on attachment 9303692 [details] [diff] [review]
For_1783561_-AC_Patch1_Stop_BrowserToolbarBehavior_positioning_the_snackbar.patch
Security Approval Request
- How easily could an exploit be constructed based on the patch?: The proposed patches will refactor the snackbar and download dialogs functionality.
One might infer a connection between these features being refactored together but there is no clear indication of a security issue. - Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: No
- Which older supported branches are affected by this flaw?: All
- If not all supported branches, which bug introduced the flaw?: None
- Do you have backports for the affected branches?: No
- If not, how different, hard to create, and risky will they be?: The entire stack of patches must be merged together.
The result is a big refactoring, quite complex and as such is risky to uplift. - How likely is this patch to cause regressions; how much testing does it need?: The end result will change the behavior of the snackbar and download dialogs.
All scenarios involving them should be tested. - Is Android affected?: Yes
|
|
Assignee | |
Updated•1 year ago
|
|
||
Comment 22•1 year ago
|
||
Comment on attachment 9303695 [details] [diff] [review]
Bug_1783561_-_Fenix_Patch1_Control_the_snackbar_positioning_from_Fenix.patch
Uhg, I'm sorry I didn't check this before or during the break. This is approved to land (both the functionality parts of patches and test parts of patches) IF you are prepared for this to go into Fenix beta this cycle. If you want this to bake in Nightly for longer than the few days before the beta uplift period then we probably want to wait until next release. You can check with RyanVM about the last date he would uplift patches for Beta this cycle.
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 23•1 year ago
|
||
Thank you Tom!
I think it's preferable for this to have more time in Nightly, will try landing after the next beta cut.
|
|
||
Comment 24•1 year ago
|
||
|
|
||
Comment 25•1 year ago
|
||
|
|
||
Comment 26•1 year ago
|
||
Merged https://github.com/mozilla-mobile/firefox-android/commit/c53dd65718579006e174803acf683ffd44075049
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
||
Comment 27•1 year ago
|
||
Are we planning to backport this to v110 still?
|
|
Assignee | |
Comment 28•1 year ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #27)
Are we planning to backport this to v110 still?
Maybe after a few more days after QA validation and the change being out in the wild.
The changes are pretty significant and there is a risk of something getting broken.
|
||
Comment 29•1 year ago
|
||
This is getting late for a beta uplift with risks of breaking functionality, Petru, Tom, does it need to ship in 110 or can it ship in 111?
|
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 31•1 year ago
|
||
The fix for this was verified by QA in https://bugzilla.mozilla.org/show_bug.cgi?id=1812518.
|
|
||
Updated•1 year ago
|
|
|
||
Comment 32•1 year ago
|
||
|
|
||
Updated•1 year ago
|
|
|
||
Updated•6 months ago
|
| Comment hidden (collapsed) |
Description
•