Changing screen.orientation hides Full Screen Notification in Firefox Android
Categories
(Firefox for Android :: General, defect, P2)
Tracking
()
People
(Reporter: Puf, Assigned: polly)
References
Details
(Keywords: csectype-spoof, reporter-external, sec-moderate, Whiteboard: [client-bounty-form][adv-main130-])
Attachments
(3 files)
Puf Explain.png
Hide Full Screen Notification in Firefox Android Using mailto:
Using Android Intent Link, We Can Hide Full Screen Notification in Firefox Android
The Intent App Selection Open With & Then it Moves to Full Screen Mode & Turns to landscape screen.orientation
POC Video Private Unlisted : https://www.youtube.com/shorts/mXopnhbh9Q8
Firefox Version: [124.0a1 (Build #2016000647)]
Operating System: [Android 13]
Steps to Reproduce:
- Host PufIndex.Html In HTTP Server
- Now Visit the Page Click On [Click Me] Button
- Open in another app = Now Click On [OPEN]
4.Success
I Have Attached POC Video Please Check It Out
Please Let Me Know If You Have Any Questions
Thank You
|
||
Updated•1 years ago
|
|
Reporter | |
Comment 1•1 years ago
|
||
First It Will Open Apps Selection Dialog, After it will Immediately Enter into FullScreen Mode and then it Turns to landscape screen.orientation
The Fullscreen Notification Hides Behind Apps Selection Dialog. screen.orientation Change landscape to portrait Immediately This Makes User to Delay in Choosing Selection App
|
||
Updated•1 years ago
|
|
||
Updated•1 years ago
|
|
|
Reporter | |
Comment 2•1 years ago
|
||
I Would Like to Clarify Here
Full Screen Notification Hides Behind OPEN WITH Apps Selection Dialog
Changing screen.orientation Does not Hide Full Screen Notification
Thank You
|
|
Reporter | |
Comment 3•1 years ago
|
||
Full Screen Notification Hides Behind System App Intent Selection Dialog
New POC Video Private Unlisted: https://www.youtube.com/shorts/fNaWroL4mB0
Steps to Reproduce:
- Open PufNew.html
- Double Tap Me > On Button
- Image Selection Dialog Shows It Hides Fullscreen Notification
- Done
|
|
Reporter | |
Comment 4•1 years ago
|
||
|
|
Reporter | |
Comment 5•1 years ago
|
||
Two Types of Attacking Techniques in this Vulnerability
-
Double tap on Screen can potentially hide the full-screen toast Using file Select Dialog in Android Which Leads Spoofing
-
in Another Way Attacker Can Use this vulnerability for Stealing Images by Changing Background to http://www.google.com Page Screenshot While It's on Fullscreen Mode & it Does not Show full-screen toast, User thinks it's On Real page http://www.google.com Which Leads to Upload Images
I think severity should be Sec-High Please Verify Once again. Thank you!
| Comment hidden (duplicate) |
|
||
Updated•1 year ago
|
| Comment hidden (duplicate) |
| Comment hidden (duplicate) |
|
|
Reporter | |
Comment 9•1 year ago
|
||
Verified Testing! Looks like this vulnerability is fixed! in latest Firefox nightly version
Please Verify and Change Status to fixed
Thank you!
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 10•1 year ago
|
||
yes, i agree - have retested in latest nightly (130.0.a1) and looks like this is now fixed! thanks for the heads up :)
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Comment 11•11 months ago
|
||
This bug will be referenced in the advisory for the fix (bug 1902996)
|
|
||
Updated•4 months ago
|
Description
•