All users were logged out of Bugzilla on October 13th, 2018
User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040113 The popup blocking in Mozilla(my version) and Mozilla Firebird(0.7 AFAIK), and possibly others, is flawed. It allows a malicious HTML markupper to easily pop up popups on the affected clients. The problem lies in the onmouseover handling of the img, input and possibly other elements. Or possibly in some other thing deeper in Mozilla. Just see the HTML testcase look for yourselves. Reproducible: Always Steps to Reproduce: 1. Go to affected site 2. Possibly hover over affected elements 3. ??? 4. Profit Actual Results: Goatse, tubgirl, penisbird, lemonpary, unnamed picture(pillowfight?), and one more all over the screen, reminded me of the good old days of using Internet Explorer. Luckily I'm quite immune to these pictures, the pain series are a little worse. Expected Results: Blocked the popups. HTML testcase coming...
danm fixed this a few days ago. Now we only allow a window.open() from inside the following events: "change click dblclick error reset submit" This can be controlled via the "dom.popup_allowed_events" preference (that above string is the default value). *** This bug has been marked as a duplicate of 197919 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.