Closed Bug 1872664 Opened 1 year ago Closed 8 months ago

Android Firefox Focus Permanent Full Screen Spoof when it's reloaded after opening Nightly and come back

Categories

(Focus :: General, defect, P2)

defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1892407

People

(Reporter: proof131072, Unassigned)

References

Details

(Keywords: csectype-spoof, reporter-external, sec-moderate, Whiteboard: [dupe of 1854417?][reporter-external] [client-bounty-form] [verif?])

Attachments

(4 files)

This is a relatively hard issue to explain; please understand that part first (we might need some lengthy discussion before reproducing and completely understanding it).

We are able to full screen spoof Android Firefox Focus permanently, even when you try to exit.

This happens when we load a JavaScript dialog with a 401 Auth prompt in full screen and then go to Nightly to trigger the reloading behaviour on Focus, which leads to a non-exitable permanent spoof, which is bad.

Please note that I initially found this issue on 118. (I really have to stop excusing myself from immediately reporting bugs that are a bit hard to explain, I know. I'm trying to overcome this, and it's one of the main goals this year.)

PoC demo: https://pwning.click/focusnoti.php

Flags: sec-bounty?

(Reproduced again today)

Duplicate of this bug: 1872663
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Focus
See Also: → 1854417

Ok, so we are able to reproduce this with no user interaction, just by using other apps for a while and coming back, or letting the device sleep a little and coming back.

We can trigger this without the JavaScript dialog and 401 Auth prompt.

Test it on https://pwning.click/focusnoti2.php

Being able to reload JavaScript dialogs with no origin inside the full screen spoof when we trigger this seems to be a different issue, but I'm not sure if I need to open a new report for that?

How is this different from bug 1854417? You never provided a test case for that one, and without that this looks like a demonstration of that concept rather than a different issue.

Whiteboard: [reporter-external] [client-bounty-form] [verif?] → [dupe of 1854417?][reporter-external] [client-bounty-form] [verif?]

bug 1854417 is about full screen persisting after leaving Focus, while this is about a full screen spoof that is "not exitable" with the back button.

So the PoC code would be the same simple full screen trigger, but the reproduction steps are different, since this is about the full screen spoof getting stuck so we can't escape from it.

I just found the report on an issue for Firefox which has the same impact as this one: https://bugzilla.mozilla.org/show_bug.cgi?id=1719088

Severity: -- → S3
Priority: -- → P2
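The "simple full screen trigger" referred to above, as an added illustration that is not the reporter's PoC (the pwning.click pages are not reproduced here) and not Focus code: a generic test page that enters fullscreen on a tap, shows placeholder overlay content, and records every fullscreenchange so a tester can tell whether the exit gesture actually left fullscreen. The element ids, the overlay text and the "I pressed Back" button are assumptions for the harness; the pure helper classifyFullscreenTrace() needs no DOM and holds the judgement.

```javascript
// Added example (not the reporter's PoC, not Focus code). Names, ids and
// overlay text are hypothetical choices for this harness.

// trace: one boolean per fullscreenchange event, true when
// document.fullscreenElement was non-null at that moment.
// exitAttempts: how often the tester signalled an exit gesture (Back/Esc).
// Returns "never" (fullscreen never entered), "entered" (fullscreen, no exit
// tried yet), "exited" (last observed state is not fullscreen) or "stuck"
// (exit was attempted but the page is still fullscreen), the last being the
// condition this bug report describes.
function classifyFullscreenTrace(trace, exitAttempts) {
  if (!trace.some(Boolean)) return "never";
  const last = trace[trace.length - 1];
  if (!last) return "exited";
  return exitAttempts > 0 ? "stuck" : "entered";
}

// Browser-only part; guarded so the file also loads under Node for the helper.
if (typeof document !== "undefined") {
  const trace = [];
  let exitAttempts = 0;

  // Placeholder overlay: in a real spoof this would be whatever chrome the
  // page wants to draw; here it is only a label so the state is visible.
  const overlay = document.createElement("div");
  overlay.id = "fs-overlay"; // hypothetical id
  overlay.style.cssText =
    "position:fixed;inset:0;background:#fff;display:none;padding:1em";
  overlay.textContent = "Overlay shown while fullscreen (test content)";

  // Android Back is handled by the app and does not reach the page, so the
  // tester records the attempt by tapping this button inside the overlay.
  const backBtn = document.createElement("button");
  backBtn.textContent = "I pressed Back and fullscreen is still here";
  backBtn.addEventListener("click", () => {
    exitAttempts += 1;
    report();
  });
  overlay.appendChild(backBtn);
  document.body.appendChild(overlay);

  const enterBtn = document.createElement("button");
  enterBtn.textContent = "Enter fullscreen";
  document.body.appendChild(enterBtn);

  // The Fullscreen API requires a user gesture; requestFullscreen() returns
  // a Promise that rejects if the browser refuses.
  enterBtn.addEventListener("click", () => {
    document.documentElement.requestFullscreen().catch((err) => {
      console.error("requestFullscreen rejected:", err);
    });
  });

  function report() {
    console.log("state:", classifyFullscreenTrace(trace, exitAttempts),
      "trace:", JSON.stringify(trace), "exitAttempts:", exitAttempts);
  }

  document.addEventListener("fullscreenchange", () => {
    const active = document.fullscreenElement !== null;
    trace.push(active);
    overlay.style.display = active ? "block" : "none";
    report();
  });

  // Esc is the desktop exit gesture; count it where the page does see it.
  document.addEventListener("keydown", (e) => {
    if (e.key === "Escape") exitAttempts += 1;
  });

  // The report's trigger is leaving the app and returning; log that too so
  // the console shows whether a resume coincided with the stuck state.
  document.addEventListener("visibilitychange", () => {
    console.log("visibility:", document.visibilityState);
    report();
  });
}
```

Load the file from a page, tap "Enter fullscreen", background the app or let the device sleep, return, and press Back; a trace whose last entry is still true after the Back tap was recorded is what this report calls "stuck".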

I'll clarify this again: repeatedly clicking/tapping the back button will NOT allow you to exit full screen; in fact there is no other way to exit from it as far as I can tell from my test.

bug 1854417 is about full screen persisting after you leave Focus and come back, which is immediately exitable after tapping the back button, while this one keeps you stuck/jailed inside the full screen spoof with any spoofed content.

Flags: needinfo?(mtighe)

Ah, the needinfo was set by mistake though; I apologise about that.

Flags: needinfo?(mtighe)

Any update here? Is this issue understood, or is there anything I can help with?

As I understand it, I think this is a duplicate of an issue I fixed, but if not please explain the steps to reproduce a bit more clearly.

Status: NEW → RESOLVED
Closed: 8 months ago
Duplicate of bug: CVE-2024-9391
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-
Group: mobile-core-security