1834949 - Fix 1816287 can be Bypassed using setInterval/setTimout Functions

Status: RESOLVED DUPLICATE of bug 1821884

(Core :: DOM: Core & HTML, defect)

Description

[Shaheen Fazim]

Attachment: poc.zip

The fix applied in the report (https://bugzilla.mozilla.org/show_bug.cgi?id=1816287) to address full-screen notification obscuration in Firefox using maximized external application can be bypassed by utilizing the "setInterval" function.

Tested on latest Firefox Nightly (115.0a1) build

Comment 1

[Shaheen Fazim]

Attachment: poc.html

Comment 2

[Daniel Veditz [:dveditz]]

Rating the same as bug 1816287 assuming this works. It doesn't seem to on Mac: I get console errors

⚠️ Request for fullscreen was denied because requesting element is not in the currently focused tab.
❗️⃝ Uncaught (in promise) TypeError: Fullscreen request denied

which I think means the previous fix is working on mac. Or maybe it's because I've got "ask every time" turned on?

Comment 3

[Edgar Chen [:edgar]]

Lets wait for bug 1821884 to be resolved first, the solution there might help this as well.

Comment 4

[:Gijs (he/him)]

(In reply to Edgar Chen [:edgar] from comment #3)

Lets wait for bug 1821884 to be resolved first, the solution there might help this as well.

Did this work out ie has this been addressed by that fix?

Comment 5

[Edgar Chen [:edgar]]

Hmm, I could not reproduce this on Mac, Linux and Windows, I always got

Request for fullscreen was denied because requesting element is not in the currently focused tab.

So I can not verify, but I believe it should as long as we update the focus properly when other application is opened.

Comment 6

[:Gijs (he/him)]

Reporter, are you still seeing this on today's nightly build? (https://nightly.mozilla.org/ )

Comment 7

[Shaheen Fazim]

(In reply to :Gijs (he/him) from comment #6)

Reporter, are you still seeing this on today's nightly build? (https://nightly.mozilla.org/ )

Yes, this poc still works on the latest Firefox Nightly build 116.0a1 (2023-06-11) (64-bit)

Comment 8

[Shaheen Fazim]

(In reply to Shaheen Fazim from comment #7)

(In reply to :Gijs (he/him) from comment #6)

Reporter, are you still seeing this on today's nightly build? (https://nightly.mozilla.org/ )

Yes, this poc still works on the latest Firefox Nightly build 116.0a1 (2023-06-11) (64-bit)

Oh, I tested it again, and it's not working.

Comment 9

[Edgar Chen [:edgar]]

(In reply to Shaheen Fazim from comment #8)

Oh, I tested it again, and it's not working.

I assume you see the fullscreen notification after switching focus back to the browser window that is in fullscreen mode, am I correct? Thanks!

Comment 10

[Shaheen Fazim]

Attachment: nice-fix.png

Comment 11

[Shaheen Fazim]

(In reply to Edgar Chen [:edgar] from comment #9)

I assume you see the fullscreen notification after switching focus back to the browser window that is in fullscreen mode, am I correct? Thanks!

Yes.

Comment 12

[Shaheen Fazim]

Attachment: demo.mp4

Comment 13

[Edgar Chen [:edgar]]

Thanks for the video, this has been addressed by bug 1821884, i.e. the fullscreen notification isn't be hidden by other application, so mark as RESOLVED FIXED.

Comment 15

[Frederik Braun [:freddy]]

This turned out to be a duplicate of, despite the variation in what alternate window was used in the PoC.

Comment 16

[Shaheen Fazim]

(In reply to Frederik Braun [:freddy] from comment #15)

This turned out to be a duplicate of, despite the variation in what alternate window was used in the PoC.

Can you please CC me?

Comment 17

[Frederik Braun [:freddy]]

Done.

Comment 18

[Shaheen Fazim]

Thanks 😄

Comment 19

[Shaheen Fazim]

Oh, this is a different method I didn't think of. Nice! Even if there's a new method, I guess fixing this will prevent these issues. Thanks for the fixes, @edgar and @sefeng.