All users were logged out of Bugzilla on October 13th, 2018

input and img onmouseover allows javascript popups when popup blocker is active

RESOLVED DUPLICATE of bug 197919

Status

--
critical
RESOLVED DUPLICATE of bug 197919
15 years ago
14 years ago

People

(Reporter: philip.nilsson, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
User-Agent:       
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040113

The popup blocking in Mozilla(my version) and Mozilla Firebird(0.7 AFAIK), and
possibly others, is flawed. It allows a malicious HTML markupper to easily pop
up popups on the affected clients.

The problem lies in the onmouseover handling of the img, input and possibly
other elements. Or possibly in some other thing deeper in Mozilla.

Just see the HTML testcase look for yourselves.

Reproducible: Always
Steps to Reproduce:
1. Go to affected site
2. Possibly hover over affected elements
3. ???
4. Profit

Actual Results:  
Goatse, tubgirl, penisbird, lemonpary, unnamed picture(pillowfight?), and one
more all over the screen, reminded me of the good old days of using Internet
Explorer.

Luckily I'm quite immune to these pictures, the pain series are a little worse.

Expected Results:  
Blocked the popups.

HTML testcase coming...
(Reporter)

Comment 1

15 years ago
Created attachment 140823 [details]
html exploit testcase
danm fixed this a few days ago.  Now we only allow a window.open() from inside
the following events:  "change click dblclick error reset submit"

This can be controlled via the "dom.popup_allowed_events" preference (that above
string is the default value).

*** This bug has been marked as a duplicate of 197919 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.