HTML Select Option Can Be Used to Spoof Fullscreen
Categories (Core :: DOM: Core & HTML, defect)
People (Reporter: fazim.pentester, Unassigned)
Details (Keywords: csectype-spoof, reporter-external, sec-moderate, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments (2 files)
By utilizing the select options dropdown and consecutively clicking the select tag, Firefox fullscreen notification can be obscured. Below is a proof of concept where the attacker site requests the user to triple-click or double-click with a small delay to launch the select option above fullscreen notification, thereby spoofing the browser.
Steps to Reproduce:
- Download the poc.html file.
- Open the poc.html file in Firefox for testing.
Reporter
Comment 1•1 year ago
In the demo, the victim clicked twice; either clicking twice slowly or three times quickly can obscure the fullscreen notification using the select option dropdown.
Comment 2•1 year ago
Hi Makoto! Since you're looking at the related bug 1832627, maybe you could determine if this is an actual duplicate?
Comment 3•1 year ago
Yes, this can be a dup of bug 1832627. It depends on event order. If the fullscreen event is received after showing the popup, this issue doesn't occur. After receiving the fullscreen event, when the popup is then shown, the popup is overlaid on the warning box.
Reporter
Comment 5•1 year ago
Kindly cc me to that issue, Makoto. Thank you.
Comment 6•1 year ago
I've CCed you to the other bug.
Reporter
Comment 7•1 year ago
Thank you, Andrew.