Open
Bug 1953076
Opened 10 months ago
Updated 9 months ago
Event conflict: cursor capture, printing, fullscreen mode, and form message output lead to undesirable interaction
Categories
(Core :: DOM: Core & HTML, defect)
NEW
People
(Reporter: sas.kunz, Unassigned)
References
Details
(Keywords: csectype-dos, reporter-external, sec-low, Whiteboard: [client-bounty-form])
Attachments
(2 files)
Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1883396 can still be reproduced. The user must press escape quickly to exit fullscreen mode.
Firefox version: 137.0b2
OS: Windows 11
Flags: sec-bounty?
Updated•10 months ago
Group: firefox-core-security → dom-core-security
Component: Security → DOM: Core & HTML
Keywords: csectype-spoof
Product: Firefox → Core
See Also: → CVE-2024-6608
Summary: bug https://bugzilla.mozilla.org/show_bug.cgi?id=1743329 can still reproduce → requestPointerLock on iFrame src from different origin able to move the cursor out of viewport
Comment hidden (obsolete)
Updated•10 months ago
See Also: CVE-2024-6608 → CVE-2024-6610
Summary: requestPointerLock on iFrame src from different origin able to move the cursor out of viewport → Event conflict: cursor capture, printing, fullscreen mode, and form message output lead to undesirable interaction
Updated•10 months ago
Keywords: csectype-spoof → csectype-dos
Comment 5•10 months ago
> it requires 4x press escape to exit fullscreen mode
Not always... we've gotten out with just one sometimes, and consistently with 2. This was not a hard DOS to escape.
Un-hiding because the testcase is public in the old bug.
Group: dom-core-security
Keywords: sec-low
Updated•10 months ago
Severity: -- → S3
Updated•9 months ago
Flags: sec-bounty? → sec-bounty-