Closed Bug 1921500 Opened 1 year ago Closed 1 year ago

display the [Esc ] Notification in Fullscreen window (f11)

Categories

(Core :: DOM: Core & HTML, enhancement)

Product:
Core
Component:
DOM: Core & HTML
Version:
Firefox 132
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1867237

People

(Reporter: Puf, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0

Steps to reproduce:

I Would like to give a Security Improvement for Future Firefox Updates

Steps to Reproduce

  1. Shows Attacker Page
  2. Instruct User to Keypress (f11) to Open login
  3. User keypress (f11) automatically page changes to the entire screen with attacker-controlled Spoofed content with URL Spoof Page.

Actual results:

Because the Fullscreen message is never displayed, the user is not capable to know that they entered Fullscreen, which allows an attacker to spoof the entire screen with attacker-controlled content.

maybe some users know (f11) changes to Fullscreen

Expected results:

  1. Display Notification [ To exit full screen, move mouse to top of screen or Press [Esc] ]

  2. Adding [ x Exit Fullscreen] in the Firefox contest menu

Note: I will tick on Security category to be kept hidden from Public, you can remove these restrictions if you feel it's not security problem

Group: firefox-core-security → dom-core-security
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core

See bug 1867237 comment 5

Group: dom-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1867237
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.