Closed Bug 1942133 Opened 24 days ago Closed 18 days ago

Fullscreen Notification Spoof via Floating External App on Firefox Desktop & Android

Categories: Core :: DOM: Core & HTML, defect


RESOLVED INVALID

People

(Reporter: frozzipies, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [client-bounty-form])

Summary & Details

This vulnerability occurs when there is a condition in which floating external apps can be used to spoof. For example, in Firefox Android, if we have a floating app that is located at the bottom of our screen, it will spoof the fullscreen notification. As I said in the title, this also works for Firefox desktop: if we have a floating app that is located at the top of our screen, it will also spoof the fullscreen notification.

Steps to Reproduce

  1. Access this PoC page: https://frozzipies.github.io/fullscreen.html
  2. Prepare any overlay app and drag it to the bottom of the screen for Android, or to the top of the screen for Desktop
  3. Click anywhere on the PoC page and the fullscreen notification will be spoofed

Video PoC:
https://drive.google.com/drive/folders/1arHfFULh6wg8Jrfmd8hNwq79cA1UtgFC?usp=sharing

Flags: sec-bounty?
Summary: Fullscreen Notificaion Spoof via Floating External App on Firefox Desktop & Android → Fullscreen Notification Spoof via Floating External App on Firefox Desktop & Android
Group: firefox-core-security → dom-core-security
Component: Security → DOM: Core & HTML
Product: Firefox → Core

This is basically like bug 1832768. I'm not sure we can or should do anything for this.

See Also: → 1832768

If the user has activated an "always on top" app/widget then that is what the user gets; there's really nothing our app can do about that. And there's no way for some malicious content to know it's there in order to take advantage of it.

Group: dom-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 18 days ago
Resolution: --- → INVALID
Flags: sec-bounty? → sec-bounty-