Requesting principal not obvious when invoking external protocol handlers with `window.open`, non-`_self` target.
Categories
(Firefox :: File Handling, defect)
People
(Reporter: bvandersloot, Unassigned)
Details
(Keywords: csectype-spoof, sec-low)
Attachments
(1 file)
181 bytes, text/html
This leads to unclear UI for the permission dialog where the URL bar shows about:blank, the prompt doesn't have the opener in the title, but has it in the "allow always" checkbox description. This seems like a good chance to confuse the user. Marking as sec out of an abundance of caution.
Updated•9 months ago
Comment 1•9 months ago
Paul: is this different from bug 1912537? I guess that one mentions "data:" instead of about:blank, but they're really the same problem. file:// origins would be another instance.
Comment 2•9 months ago
We've got a bunch of mobile bugs filed on this very spoofing issue, too, and on Android the issue stems from shared Gecko code usually.
Comment 3•8 months ago
Redirecting to Gijs since he has worked on the other bug.
Comment 4•8 months ago
(In reply to Daniel Veditz [:dveditz] from comment #2)
We've got a bunch of mobile bugs filed on this very spoofing issue, too, and on Android the issue stems from shared Gecko code usually.
I think sadly the permissions bit for protocol (at least the UI!) is not shared. On desktop we use tab-specific dialogs. Android and iOS both have issues with tabs switching out from under them, and must be using different UI.
I do think this looks basically the same as bug 1912537.
Updated•26 days ago