PopupNotifications Clickjacking: Bypass full screen prompt restrictions (Bug 1522120) and extended security delay (Bug 1857430)
Categories: Toolkit :: PopupNotifications and Notification Bars (defect)
People: Reporter: sas.kunz; Assignee: Unassigned
Details: Keywords: reporter-external, sec-moderate; Whiteboard: [reporter-external] [client-bounty-form] [verif?]
Attachments: 4 files, 1 obsolete file
I found a vulnerability where a user can fall for clickjacking to allow camera permission or other permissions.
I tested on Firefox version: Developer Edition 120.0b9 (64-bit)
Steps to reproduce:
1. Open clickjackingfirefox.html
2. Click on "To Play The Game Please Read Instruction" button then close/back to clickjackingfirefox.html page
3. Click on "Click 2-3 times ................................." button 2-3 times
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1826116
https://bugzilla.mozilla.org/show_bug.cgi?id=1857430
This vulnerability is not only clickjacking; the permission prompt can also obscure the fullscreen notification.
Steps to reproduce:
1. Open clickjackingfirefox.html
2. Click on "To Play The Game Please Read Instruction" button then close/back to clickjackingfirefox.html page
3. Click on "Click 2-3 times ................................." button 2-3 times
Comment 7•1 year ago
The partial obscuring of the full screen notification doesn't seem like too much of an issue.
It seems like the clickjacking relies on the user leaving the permission prompt up for a long time which doesn't seem too realistic, and the user has to also keep clicking through the weird flashing from the full screen transition. That being said, it doesn't seem great that we move the prompt and it retains the activation time.
Comment 8•1 year ago
This bypasses leaving full screen when a permission prompt shows (Bug 1522120) and therefore also the extended security delay we would apply in this case (Bug 1857430).
Comment 9•1 year ago
Verified fixed by Bug 1865914. Tested on Nightly 122.0a1 (2023-12-03) (64-bit) on Windows 11.
Comment 10•1 year ago (Reporter)
Hi pbz, this bug has an ID earlier than 1865465. How do you say this is a duplicate?
Comment 11•1 year ago (Reporter)
I reported with ID 1865465; it is earlier than 1865914.
Comment 12•1 year ago
I'm only duping this on Bug 1865914 since that's where the fix landed. This is done purely for practical reasons and doesn't have anything to do with bug bounty considerations. I'll make sure Dan is aware of that.