Blocking fullscreen mode notifications while printing a page on Android.
Categories: Firefox for Android :: General, defect
People: Reporter: Laraweron, Unassigned
Details: Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?]
Attachments: 2 files
Simultaneously opening fullscreen mode and invoking the print() function triggers an overlap of notifications, as printing takes higher priority and activates the Android software component. Closing the print window using JavaScript seems impractical, so resorting to social engineering might be necessary to prompt the user to press the back button on their smartphone.
In the desktop browser version, the exploit may execute, but there is no observed phishing effect; the browser behavior remains stable.
Disregarding the address bar spoofing, the implementation in real conditions may vary, and it can be entirely acceptable.
The error occurs due to the browser's UX/UI interface. The notification window should explicitly ensure that the user has read the message. In Google Chrome, the window waits for the user to finish printing and return to the content screen.
If the link with the exploit is shared through various messengers, a different browser interface will open. In this interface, even after double-clicking the back button, the address bar will be hidden from the user behind an image.
To address this, it's necessary to configure the policy for simultaneous activation of fullscreen mode and other events. Additionally, configuring the notification interface to display a pop-up window indicating the transition to fullscreen mode is needed.