Closed
Bug 1820697
Opened 2 years ago
Closed 2 years ago
select option with non-breaking spaces hides fullscreen notification, leads to spoof
Categories
(Fenix :: General, defect)
Fenix
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1816059
People
(Reporter: sas.kunz, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(2 files)
I found a vulnerability in firefox android where a select option can cover fullscreen notifications which can lead to spoofs. i tested after fixed: https://github.com/mozilla-mobile/firefox-android/pull/1133 ( https://bugzilla.mozilla.org/show_bug.cgi?id=1819254 )
steps to produce
- open http://103.186.0.20/fullscreenbkp4.html or firefox.html
- click on select option , (when the select option clicked it covers the fullscreen notification)
3 then choose select www.google.com
OS: Android 10 (Samsung M31)
i attached the poc video files.
thank you
Flags: sec-bounty?
|
||
Updated•2 years ago
|
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Fenix
Summary: select option with hides fullscreen notification, leads to spoof → select option with non-breaking spaces hides fullscreen notification, leads to spoof
|
||
Comment 2•2 years ago
|
||
This looks like a dupe of bug 1816059.
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: CVE-2023-29534
Resolution: --- → DUPLICATE
|
||
Comment 3•2 years ago
|
||
Unfortunately this issue was previously reported and is not eligible for a bug bounty
Flags: sec-bounty? → sec-bounty-
|
|
||
Updated•1 year ago
|
Group: mobile-core-security
|
||
Updated•8 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•