keyboard layout hides fullscreen notification on landscape mode on firefoxfocus, leads to spoof
Categories: Focus :: General, defect, P2
Tracking: firefox111 wontfix, firefox112 fixed, firefox113 fixed
People: Reporter: sas.kunz, Assigned: petru
Details: Keywords: csectype-spoof, reporter-external, sec-high, Whiteboard: [reporter-external] [client-bounty-form] [verif?][adv-main112+]
Attachments: 7 files, 1 obsolete file
I found a vulnerability in Firefox Focus (landscape mode): when you click on the text box while running fullscreen, it opens the keyboard layout, and the keyboard layout covers the fullscreen notification.
Steps to generate:
- Go to http://103.186.0.20/fullscreenfocus.html
- Click on the TextBox (hides the fullscreen notification)
Updated steps to reproduce:
- Go to http://103.186.0.20/fullscreenfocus.html (open in landscape mode)
- Click on the TextBox (hides the fullscreen notification)
I updated the PoC; please see the new PoC video. The fullscreen notification is closed by a Telegram notification (still in landscape mode).
Comment 8 • 2 years ago
Petru, based on your similar work for bug 1816059, do you know if a Toast would appear over the system keyboard? I'm wondering if we can just use that same fix here in Focus.
Comment 9 (Assignee) • 2 years ago
Yes, a Toast does not know what is being shown on the screen; it will be shown at a specific location on top of anything that's showing, so bug 1816059 would fix this also.
Comment 10 (Assignee) • 2 years ago
@Hafiizh Can you confirm that the current Nightly avoids this issue?
Comment 12 (Reporter) • 2 years ago
Comment 13 (Assignee) • 2 years ago
Thank you for the confirmation!
Comment 14 • 2 years ago
This fix can ride the trains in 112. We don't need to uplift to a 111 dot release if the bug isn't being actively exploited.
Comment 15 • 2 years ago
As we expected, this did turn out to be fixed by the redesigned mechanism in bug 1816059, making this essentially a dupe for purposes of the bug bounty.
Comment 16 (Reporter) • 2 years ago
Hey Daniel, your development team decided to use a toast or snackbar 12 days ago on bug https://bugzilla.mozilla.org/show_bug.cgi?id=1816059 (in comment 13 (Petru)), while this bug 1821155 was opened the day before your team decided to use a toast or snackbar and it hasn't been fixed yet, and your team went to https://bugzilla.mozilla.org/show_bug.cgi?id=1822140 to decide to use a toast instead of a snackbar. I also didn't know you would use a toast. Don't you say I redesigned it for bug bounty reasons. Sigh.