Page actions obscure the domain in the toolbar
Categories
(Firefox for Android :: Toolbar, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox139 | --- | unaffected |
| firefox140 | --- | verified |
| firefox141 | --- | verified |
| firefox142 | --- | verified |
People
(Reporter: michel, Assigned: royang)
References
Details
(Keywords: csectype-spoof, reporter-external, sec-low, Whiteboard: [fxdroid][group3])
Attachments
(6 files, 2 obsolete files)
toolbar_with_trimmed_domain.png
Steps to reproduce
- Take a phone with a small screen. I have the Sony Xperia 5 V, but there are smaller ones.
- Navigate to
https://about.bankofamerica.com/en - Notice that the Toolbar only shows
ofamerica.com. There is not enough room to show the entire domain
Expected behavior
The OriginView should be wide enough to fully display common domain names.
Actual behavior
When reader mode page action is shown on a device with a small screen, the OriginView can only show 13 characters which is shorter than many common domain names. There is even less space when translations are also active.
Device information
- Firefox version: 141
- Android device model: Sony Xperia 5 V
- Android OS version: 15
Any additional information?
I'm marking this as a security issue because.
- The problem was introduced in 140 with the share page action added to the toolbar. I believe that this is a recent an unknown issue.
- The malicious page needs to have reader mode available. This is a trick that might not be obvious for others.
|
Reporter | |
Comment 1•9 months ago
|
||
|
||
Comment 2•9 months ago
|
||
There's a Reddit post about this issue so maybe this doesn't need to be hidden.
|
|
Reporter | |
Comment 3•9 months ago
|
||
I wasn't aware of the Reddit post when I reported this issue. I noticed it when experimenting with the toolbar for another issue. I agree that in that case this issue can be made public. It would be good to get attention from the sec team before this makes it to release.
|
|
Reporter | |
Comment 4•9 months ago
|
||
However, unlike in the Reddit post, my screenshot was made with normal scaling.
|
||
Comment 5•9 months ago
•
|
||
Having too little space available for displaying the URL is an old issue that we know about and are planning to address soon by moving toolbar buttons to the menu and/or the navigation toolbar.
|
|
Reporter | |
Comment 6•9 months ago
|
||
I believe that a solution for this issue is needed before the change makes it into stable. It makes it easy for a website to cover the domain in the toolbar.
|
|
Reporter | |
Comment 7•9 months ago
•
|
||
I propose to not show the share action on small screens (like it's currently in stable) and to reduce the spacing between page action icons. Is it a solution that would be accepted?
|
|
||
Updated•9 months ago
|
|
|
||
Updated•9 months ago
|
|
|
||
Comment 9•9 months ago
|
||
(In reply to Michel Le Bihan from comment #7)
I propose to not show the share action on small screens (like it's currently in stable) and to reduce the spacing between page action icons. Is it a solution that would be accepted?
Thanks!
We'll do a bit more than this.
|
Assignee | |
Comment 10•9 months ago
•
|
||
Share and translation page action was added as part of the toolbar redesign. However, since we still have home button, tabs tray button and menu button, the original toolbar is too crowded to support it.
Remove share and translation page action until we can decide if we should have those in the toolbar. Any future actions will be done as part of the toolbar redesign work.
|
||
Updated•9 months ago
|
|
|
Assignee | |
Comment 11•9 months ago
|
||
|
||
Updated•9 months ago
|
|
|
||
Updated•9 months ago
|
|
|
||
Updated•9 months ago
|
|
||
Comment 12•9 months ago
|
||
|
||
Comment 13•9 months ago
|
||
| bugherder | ||
|
||
Comment 14•9 months ago
|
||
The patch landed in nightly and beta is affected.
:royang, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- See https://wiki.mozilla.org/Release_Management/Requesting_an_Uplift for documentation on how to request an uplift.
- If no, please set
status-firefox140towontfix.
For more information, please visit BugBot documentation.
|
||
Updated•9 months ago
|
|
|
Assignee | |
Updated•9 months ago
|
|
|
Assignee | |
Comment 15•9 months ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D252371
|
|
||
Updated•9 months ago
|
|
|
||
Comment 16•9 months ago
|
||
firefox-beta Uplift Approval Request
- User impact if declined: Smaller devices will have toolbar content obscured by the page actions
- Code covered by automated testing: no
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: Confirm on phone with protrait, share and translation page actions are not shown.
- Risk associated with taking this patch: Low
- Explanation of risk level: Only hiding share and translate page actions.
- String changes made/needed: None
- Is Android affected?: yes
|
|
||
Updated•9 months ago
|
|
|
||
Updated•9 months ago
|
|
|
Reporter | |
Comment 17•9 months ago
|
||
Shouldn't this fix be backported to 140? Being able to see the domain of the visited is a very important feature.
|
||
Comment 18•9 months ago
|
||
related mozilla-beta translation test failures https://bugzilla.mozilla.org/show_bug.cgi?id=1971897 – looks like this proposed uplift will disable the tests
|
|
||
Comment 20•9 months ago
|
||
Assignee rejected this uplift request. It was too risky to take in 140.
|
|
||
Comment 21•8 months ago
|
||
Comment on attachment 9492464 [details]
Bug 1970084 - Removed share and translation page actions in small window devices.
Beta/Release Uplift Approval Request
- User impact if declined/Reason for urgency: Not enough space to show the URL.
Multiple user reports asking to see more of the current URL.
UX requested uplift. - Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: - visit a website which can be translated and viewed in reader mode, like
https://pt.wikipedia.org/wiki/Wikip%C3%A9dia:P%C3%A1gina_principal
- verify than on small screens the share and translation buttons are not shown - while the reader mode still is
- verify that on large screens all 3 buttons - share, translation and reader mode are shown
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Small patch already existent in Nightly and Beta.
- String changes made/needed:
- Is Android affected?: Yes
|
|
||
Updated•8 months ago
|
|
|
||
Comment 22•8 months ago
|
||
Comment on attachment 9492464 [details]
Bug 1970084 - Removed share and translation page actions in small window devices.
There are conflicts with release, would need a separate patch.
|
|
||
Comment 23•8 months ago
|
||
Adding here the original patch rebased on release.
The only difference from what we added in Nightly is not having this code as the initTranslationsUpdates method does not exist yet in release.
|
|
||
Comment 24•8 months ago
|
||
Comment on attachment 9498320 [details] [diff] [review]
Bug_1970084_-_Removed_share_and_translation_page_actions_in_small_window_devices_in_release.patch
Beta/Release Uplift Approval Request
- User impact if declined/Reason for urgency: Not enough space to show the URL.
Multiple user reports asking to see more of the current URL.
UX requested uplift. - Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: - visit a website which can be translated and viewed in reader mode, like https://pt.wikipedia.org/wiki/Wikip%C3%A9dia:P%C3%A1gina_principal
-
verify than on small screens the share and translation buttons are not shown - while the reader mode still is
-
verify that on large screens all 3 buttons - share, translation and reader mode are shown
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Small patch already present in Nightly and Beta.
- String changes made/needed:
- Is Android affected?: Yes
|
|
||
Updated•8 months ago
|
|
|
||
Comment 25•8 months ago
|
||
|
|
||
Updated•8 months ago
|
|
|
||
Comment 26•8 months ago
|
||
Comment on attachment 9498320 [details] [diff] [review]
Bug_1970084_-_Removed_share_and_translation_page_actions_in_small_window_devices_in_release.patch
Dismissing this request in favour of the Phabricator patch.
|
|
||
Updated•8 months ago
|
|
|
||
Comment 27•8 months ago
|
||
|
|
||
Updated•8 months ago
|
|
|
||
Comment 28•8 months ago
|
||
firefox-release Uplift Approval Request
- User impact if declined: Not enough space to show the URL. Multiple user reports asking to see more of the current URL. UX requested uplift.
- Code covered by automated testing: no
- Fix verified in Nightly: yes
- Needs manual QE test: yes
- Steps to reproduce for manual QE testing: - visit a website which can be translated and viewed in reader mode, like https://pt.wikipedia.org/wiki/Wikip%C3%A9dia:P%C3%A1gina_principal verify than on small screens the share and translation buttons are not shown - while the reader mode still is verify that on large screens all 3 buttons - share, translation and reader mode are shown.
- Risk associated with taking this patch: Small
- Explanation of risk level: Small targetted change, verified in Nightly and Beta. There was one related spill fixed in an accompanying uplift request.
- String changes made/needed: No
- Is Android affected?: yes
|
|
||
Updated•8 months ago
|
|
||
Updated•8 months ago
|
|
|
||
Comment 29•8 months ago
|
||
| uplift | ||
|
||
Comment 30•8 months ago
|
||
Remove share and translation page action until we can decide if we should have those in the toolbar. Any future actions will be done as part of the toolbar redesign work.
Hi Roger, do you know if Is there a follow-up ticket setup for this work yet?
We've already received a report on translations icon not showing up when expected on an offer translate page. I'll keep linking against this ticket for now.
|
||
Comment 31•8 months ago
|
||
|
|
||
Comment 32•8 months ago
•
|
||
Comment on attachment 9498928 [details]
Screenshot 2025-07-07 at 16.55.06.png
Verified as fixed on the latest Nightly 142.0a1 - 5.07.2025 and Firefox 141.0b6 with Xiaomi Pad5 (Android 13) and Poco M4 Pro (Android 12).
|
|
||
Updated•8 months ago
|
|
|
||
Updated•8 months ago
|
|
||
Comment 33•8 months ago
|
||
Verified as fixed in latest Firefox for Android 140.0.4 dot release with Google Pixel 8 Pro (Android 15), Samsung GalaxyZ Fold 4 (Android 14), Redmi 9C NFC (Android 10) and Samsung Galaxy S9 (Android 8).
- on small screens the share and translation buttons are not shown, while the reader mode icon is displayed;
- on large screens all 3 buttons - share, translation and reader mode are displayed;
|
|
||
Updated•8 months ago
|
|
|
Assignee | |
Updated•8 months ago
|
|
|
||
Updated•7 months ago
|
Description
•