Bug 214721 - long xpi filename can push "Cancel" button off screen
Status: Closed (VERIFIED FIXED)
Opened 21 years ago; closed 21 years ago
Categories: Core Graveyard :: Installer: XPInstall Engine, defect
Tracking: Not tracked
People: Reporter: jruderman, Assigned: sspitzer
Details: 4 keywords
Attachments (3 files, 2 obsolete files):
- image/png, 51.54 KB
- image/png, 51.40 KB
- patch, 4.52 KB (mkaply: approval1.4.2+; asa: approval1.5+)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030730 Mozilla Firebird/0.6.1
An XPI with a very long filename pushes the Cancel button off the screen, making
it look like Install is the only button [screenshot 1]. A slightly longer
filename pushes enough of the Install button off of the screen that you can't
tell what the button says [screenshot 2].
This is a security hole. I would expect to have a high success rate with this
attack, even though the "close window" button in the titlebar is still available.
Reporter, updated 21 years ago
Whiteboard: security
Comment 1 (Reporter, 21 years ago)
Comment 2 (Reporter, 21 years ago)
Comment 3 (21 years ago)
ssu, do you have cycles to work on this?
Updated 21 years ago
Flags: blocking1.5?
Comment 4 (21 years ago)
blake or ben, can you look at this. it doesn't look very difficult.
Flags: blocking1.5? → blocking1.5+
Comment 5 (Assignee, 21 years ago)
note, the file in question is
http://lxr.mozilla.org/mozilla/source/xpinstall/res/content/institems.xul
Comment 6 (Assignee, 21 years ago)
Comment 7 (Assignee, 21 years ago)
bad things can still happen if you make this dialog too narrow.
also, this uses window and not dialog (it must be one of the old, old dialogs)
let me look into that.
Comment 8 (Assignee, 21 years ago)
Attachment #130697 - Attachment is obsolete: true
Comment 9 (21 years ago)
Attachment #130701 - Flags: review+
Comment 10 (Assignee, 21 years ago)
Attachment #130701 - Attachment is obsolete: true
Comment 12 (Assignee, 21 years ago)
fixed, thanks to ben for the review.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 13 (21 years ago)
Comment on attachment 130702 [details] [diff] [review]
updated patch
a=asa (on behalf of drivers) for checkin to Mozilla 1.5
Attachment #130702 - Flags: approval1.5+
Comment 14 (Assignee, 21 years ago)
the current UI for dialog is:
<name> <cert name> <full url>
you can still run into some less than desirable appearance issues if any of
those are overly long (but at least the buttons will be on screen).
I'm sure the UI could be improved, and I'll log a bug to track that.
Comment 15 (Assignee, 21 years ago)
spun off the UI issue to bug #218030
Comment 16 (21 years ago)
drivers, do we want this for 1.4?
Flags: blocking1.4.2?
Flags: blocking1.4.1?
Updated 21 years ago
Flags: blocking1.4.1?
Comment 17 (21 years ago)
fixed in 1.5, removing security flag
Group: security
Whiteboard: security → [sg:fix]
Reporter, updated 21 years ago
Whiteboard: [sg:fix] → security [sg:fix]
Comment 18 (21 years ago)
Comment on attachment 130702 [details] [diff] [review]
updated patch
a=mkaply for 1.4.2
Attachment #130702 - Flags: approval1.4.2+
Updated 21 years ago
Flags: blocking1.4.2? → blocking1.4.2+
Updated 21 years ago
Keywords: fixed1.4.2
Comment 19 (20 years ago)
verified XPI file names no longer push buttons out of view.
NPWINMCIMIDI.xpi gets crunched to NPWIN....xpi
Status: RESOLVED → VERIFIED
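As an added example (not Mozilla's code and not the patch attached to this bug), one way to bound every field of the `<name> <cert name> <full url>` line described in comment 14 so that no over-long value can widen the dialog and push the Install/Cancel buttons off screen. The center crop reproduces the post-fix display noted in comment 19 (NPWINMCIMIDI.xpi shown as NPWIN....xpi); the per-field character budgets and the function names are assumptions.

```javascript
// Added example, not XPInstall code. Bound each displayed field so an
// attacker-chosen filename, certificate name or URL cannot stretch the
// install dialog. Character budgets below are assumed, not from the bug.
const ELLIPSIS = "...";

// Keep the head and tail of `text` and replace the middle with an ellipsis
// so the result is never longer than `maxChars` code points.
function cropCenter(text, maxChars) {
  const chars = Array.from(String(text)); // code points, not UTF-16 units
  if (chars.length <= maxChars) return chars.join("");
  if (maxChars <= ELLIPSIS.length) return ELLIPSIS.slice(0, maxChars);
  const keep = maxChars - ELLIPSIS.length;
  const head = Math.ceil(keep / 2);
  const tail = keep - head;
  return chars.slice(0, head).join("") + ELLIPSIS +
    chars.slice(chars.length - tail).join("");
}

// Assumed per-field budgets for the "<name> <cert name> <full url>" line.
const FIELD_BUDGET = { name: 12, cert: 24, url: 48 };

// Build the display line with every field bounded; control characters are
// stripped first because they can also disturb the layout.
function formatInstallItem(item) {
  const clean = (s) => String(s ?? "").replace(/[\u0000-\u001f\u007f]/g, "");
  const name = cropCenter(clean(item.name), FIELD_BUDGET.name);
  const cert = cropCenter(clean(item.certName), FIELD_BUDGET.cert);
  const url = cropCenter(clean(item.url), FIELD_BUDGET.url);
  return `${name} ${cert} ${url}`;
}

// Upper bound on the line width the dialog must accommodate, whatever the
// input: the three budgets plus the two separating spaces.
function maxLineWidth() {
  return FIELD_BUDGET.name + FIELD_BUDGET.cert + FIELD_BUDGET.url + 2;
}
```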
Reporter, updated 11 years ago
Keywords: csec-spoof, sec-high
Whiteboard: security [sg:fix]
Updated 9 years ago
Product: Core → Core Graveyard