Closed
Bug 208168
Opened 22 years ago
Closed 21 years ago
Malicious scripts can move browser window so it can't be used/closed and open more such windows on close
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: Viper770, Unassigned)
References
()
Details
Attachments
(1 file)
|
1.38 KB,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.5a) Gecko/20030603
Build Identifier: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.5a) Gecko/2003060308
If i check the sit www.raus.de/crashme the mozilla windows will minzip and run
above the whole screen.
Reproducible: Always
Steps to Reproduce:
1. start mozilla
2. go to www.raus.de/crashme
3. lot of fun
Actual Results:
the windows will be faster and you cant catch it. Computer will hang off.
WFM You might want to turn on popup blocker and turn off "Move or resize
existing windows" and "Raise or lower windows"
I would think IE would do the same thing.
|
||
Comment 2•22 years ago
|
||
Actually, IE is much worse.
You can kill Mozilla via the task manager, but IE constantly removes focus from
its confirmation box for killing, so you first have to lower its priority...
It's also moving much faster, this may be due to different interpretation of
"setTimeout" in JS or just because Mozilla is slower...
Attachment is the evil page, made a bit more readable by me; please only save
it or visit it with JavaScript turned off to avoid trouble... (or at least be
ready to kill Mozilla)
The page will first move your Mozilla window and create several small moving
windows when you make it to close the main window. Don't know what happens on
closing the small windows, I did not have the guts to do so...
(the small windows have the same URL, so better not close them)
|
|
||
Comment 3•22 years ago
|
||
The script does two things:
- on loading of the page it begins to move the window randomly
- on closing of the page it opens several other windows with the same content
and function.
Moving windows can be switched off in the preferences ("Scripts&Plugins"). When
it is not switched off, I cannot see how Mozillas behaviour is wrong...
The popups can also be avoided with the builtin popup blocker. When popups are
allowed, I don't see what Mozilla could do about it (apart from limiting the
number of windows, which does not really help).
Both features should be switched off anyway, so with Mozilla this page is not
really dangerous - with IE you have a hard fight to stop it without rebooting.
And only if you know what to do.
Because Mozilla does what it is told, this is not a bug (-> INVALID) and I don't
see things that could protect you from such sites when you enable popups and
moving of windows.
But nevertheless I'll ask some people before resolving.
Summary: minzip windows and going abouve the whole screen → minzip windows and going above the whole screen
|
||
Comment 4•22 years ago
|
||
We already have a feature that only a window opened by script may be closed by
script, would it help if that feature was extended to resizing etc?
|
|
||
Comment 5•22 years ago
|
||
In this case activating such a feature would only prevent the first window from
moving, but sooner or later it would be closed (the page unloaded) and the child
windows would behave just the same way as they do now.
The only benefit: if popups are disabled, but moving by scripts is enabled, this
would help because there are no child windows, then.
Summary: minzip windows and going above the whole screen → Malicious scripts can move browser window so it can't be used/closed and open more such windows on close
|
||
Comment 6•21 years ago
|
||
This doesn't seem like a browser bug. We have sufficient tools (namely pop-up
blocker) to negate any crash or DOS here.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
|
||
Updated•21 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•