Closed
Bug 1822305
Opened 1 year ago
Closed 1 year ago
Block the fullscreen notification on Android using external protocol prompt
Categories
(Fenix :: General, defect)
Tracking
(firefox111 wontfix, firefox112 fixed, firefox113 fixed)
RESOLVED
FIXED
113 Branch
People
(Reporter: haxatron1, Assigned: petru)
References
Details
(Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(3 files)
The new external protocol prompt on Android seems to be asynchronous. Therefore it is possible to trigger a keyboard and the external protocol prompt and fullscreen at the same time which causes the fullscreen popup to be covered.
- Go to fullscreen-bypass.html
- Click the input bar
Flags: sec-bounty?
Group: firefox-core-security → mobile-core-security
Component: Security → General
OS: Unspecified → Android
Product: Firefox → Fenix
Hardware: Unspecified → Other
Version: unspecified → Firefox 111
The solution should be if any prompt is encountered, Firefox should exit fullscreen as per Firefox for Desktop and Chrome for Android / Desktop does.
|
Assignee | |
Comment 3•1 year ago
|
||
Thank you!
Seems like a variation of an already reported issue regarding this prompt in bug 1821576.
Would be fixed with the same approach as on bug 1816059.
|
|
Assignee | |
Comment 5•1 year ago
|
||
Thank you for the confirmation!
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
|
||
Updated•1 year ago
|
Assignee: nobody → petru.lingurar
Group: mobile-core-security → core-security-release
status-firefox111:
--- → wontfix
Target Milestone: --- → 113 Branch
|
||
Comment 6•1 year ago
|
||
As we expected, this did turn out to be fixed by the redesigned mechanism in bug 1816059 making this essentially a dupe for purposes of the bug bounty.
Flags: sec-bounty? → sec-bounty-
|
||
Comment 7•1 year ago
|
||
|
|
||
Updated•6 months ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•