Closed Bug 1821709 Opened 2 years ago Closed 2 years ago

Anti-user behavior available to websites

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
Firefox 110
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: coder0xff, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Firefox for Android

Steps to reproduce:

Be a netizen

Actual results:

Firefox (mobile and desktop) breaks basic browser functionality at the behest of anti-user websites:

  • Breaks right-click/long press
  • Breaks selection
  • Breaks zooming
  • Breaks scrolling
  • Breaks the back button/stack alteration/redirection
  • Exploitation of the user agent string to force native application installation
  • Probably more

Expected results:

Firefox does not break fundamental functionality

Hi @Brent, Im trying to reproduce this issue on our end but i dont quite understand what the issue is, What are the websites you are seeing this behavior I'm not sure what anti user websites are. Could you give me some examples ? where are you seeing zoom issues or scrolling issues ? when does the Back button break ?

Could you please get a screen recording of the issue or maybe some Steps on how to reproduce the issue ?

Flags: needinfo?(coder0xff)

Breaks right-click:
I can't think of any sites off the top of my head, but here's a Firefox add-on that is used to fix/workaround the "breaks right-click" issue: https://addons.mozilla.org/en-US/firefox/addon/re-enable-right-click/

Breaks selection:
I can't think of any sites off the top of my head, but here's a Firefox add-on that is used to fix/workaround the "breaks selection" issue: https://addons.mozilla.org/en-US/firefox/addon/enable-selection/

Breaks zooming:
In Firefox mobile, go to twitter.com (it is not necessary to log in). Try to use pinch to zoom to zoom in to Twitter. Observe that it does not work.

Breaks scrolling:
Hopefully, you're getting the idea after the previous examples. There are websites where the is more content on the page, but the user is not allowed to scroll, even though the scrollbar is visible and has space to scroll.

Breaks the back button:
Here's an explanation of how websites can commit this aggression: https://www.codexworld.com/how-to/disable-browser-back-button-using-javascript/

Exploitation of the user agent string to force native application installation:
Here's an example of a culprit website. If you visit in Firefox desktop, it's fine. But visit it in Firefox mobile, and you will not be allowed to use this site, instead being giving only an option to install their app. https://ira.empower-retirement.com/participant/#/login?accu=MYERIRA

I hope that helps. Thanks!

Flags: needinfo?(coder0xff)

Moving this to Fenix General, it seems to be 5 separate issues here, hoepfully one of our devs can identify what is causing these issues.

Component: Untriaged → General
Product: Firefox → Fenix

The severity field is not set for this bug.
:cpeterson, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(cpeterson)

We are not able to reproduce the issues mentioned for Firefox for Android.
Tested on the latest RC 111.1.1 with

Breaks zooming:
In Firefox mobile, go to twitter.com (it is not necessary to log in). Try to use pinch to zoom to zoom in to Twitter. Observe that it does not work.

All the websites can be zoomed when you enable the following option: go to three-dot menu --> Settings --> Accessibility --> Zoom on all websites.

Exploitation of the user agent string to force native application installation:
Here's an example of a culprit website. If you visit in Firefox desktop, it's fine. But visit it in Firefox mobile, and you will not be allowed to use this site, instead being giving only an option to install their app. https://ira.empower-retirement.com/participant/#/login?accu=MYERIRA

The same behavior is on Chrome.

I'll reset the Product to Firefox Desktop, as the mobile situations aren't bugs.
@Brent, please provide more information regarding the versions of Firefox used, and the devices you've encountered the desktop issues on.

Flags: needinfo?(cpeterson)
Severity: -- → S3
Product: Fenix → Firefox
Flags: needinfo?(coder0xff)

Unfortunately I don't think this bug is actionable as-is.

Websites have a large degree of control over what content they send you - the browser can't make a website give you different content by "magically" retrieving the "real" content that you actually want.

(In reply to Brent Lewis from comment #0)

  • Breaks right-click/long press
  • Breaks selection
  • Breaks zooming
  • Breaks scrolling
  • Breaks the back button/stack alteration/redirection

All of these can be used for good and evil, or are just plain website bugs. The browser cannot infer intent from API use in the general case, and (for an example for the last item) know if the website is using pushState the way youtube (for instance) does, legitimately, to have unique URLs for unique videos, or if they're being obnoxious.

We have mitigations around the individual things here in some cases (e.g. shift-right click cannot be blocked by web content and will show you a context menu, and we have code to fix the back button redirection stuff which we've been working on that isn't turned on by default) but if/where those fail, we'd really need (several) specific examples per issue, in a separate bug, and a concrete idea of what the browser should do instead, in order to do anything.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(coder0xff)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.