Closed Bug 1871012 Opened 1 year ago Closed 1 year ago

window.prompt() with long description hides fullscreen notification, leads to spoof

Categories

(Fenix :: General, defect)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1798798

People

(Reporter: sas.kunz, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(2 files)

I found a vulnerability in Firefox Android where a window prompt with a long description can cover fullscreen notifications, which can lead to spoofs. This is the same as: https://bugzilla.mozilla.org/show_bug.cgi?id=1798798

Steps to reproduce

  1. Open pocalert2.html
  2. Click the open to google button
  3. Then a dialog prompt window appears with a long description and covers the fullscreen notification
  4. Then click OK

OS: Android 12 (Samsung M31)

I attached the PoC video files.
Thank you.

Flags: sec-bounty?
Attached file pocalert2.html

AFAICT in the recording, full screen is exited when the prompt appears, showing the address bar. So I don't see how this is a spoof?

Group: firefox-core-security → mobile-core-security
Component: Security → General
Flags: needinfo?(sas.kunz)
Product: Firefox → Fenix
See Also: → CVE-2023-25748

On my phone, which must be a little taller than the reporter's, I see the fullscreen toast below the prompt. I also see the text box of the prompt, which isn't visible in the video (doesn't make a difference to the PoC, just more evidence for a height difference). But those are beside the point. Once the prompt is closed there's no spoofing of the URL bar.

How is this not a straight dupe of bug 1798798 (which is fixed)? The only difference between the two testcases is a change to call the prompt() from a timeout, but that doesn't seem to make any difference. I get the same results from the testcases in both bugs.

Status: NEW → UNCONFIRMED
Ever confirmed: false
Summary: Window prompt with long description hides fullscreen notification, leads to spoof → window.prompt() with long description hides fullscreen notification, leads to spoof

I'm sorry, it's true that it goes out of full screen mode.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(sas.kunz)
Resolution: --- → WONTFIX
Duplicate of bug: CVE-2023-25748
Resolution: WONTFIX → DUPLICATE
Group: mobile-core-security
Flags: sec-bounty? → sec-bounty-