Closed Bug 1826648 Opened 2 years ago Closed 2 years ago

Nasty website are able to control Firefox window

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
Firefox 111
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: fabrice.salvaire, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0

Steps to reproduce:

I noticed nasty website are still able to control Firefox window quite efficiently.
The strategy is usually :

  • to open a lot of windows to saturate the user
  • to try to block the user to close them or tabs
  • to modify the window appearance to block the user to close it
  • to reopen a lot of windows
  • to reopen a new url in the tab when user try to close it

They are sometimes so efficient that an OS kill signal is the only solution to stop that.

I conclude there is an insecure API or these websites use an exploit to gain privilege.

In my case, I would prefer a Firefox logging feature to trace those activities than to discover how secure is the reality !

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core
Component: Widget: Gtk → General
Product: Core → Firefox

You can change the Firefox settings whether to allow websites to open popup windows.

I conclude there is an insecure API or these websites use an exploit to gain privilege.

The conclusion is incorrect and not justified by the observed behavior which can be triggered by standard HTML and standard JavaScript.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.