Closed
Bug 233377
Opened 21 years ago
Closed 21 years ago
input and img onmouseover allows javascript popups when popup blocker is active
Categories
(SeaMonkey :: General, defect)
SeaMonkey
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 197919
People
(Reporter: philip.nilsson, Unassigned)
Details
Attachments
(1 file)
|
428 bytes,
text/html
|
Details |
User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040113 The popup blocking in Mozilla(my version) and Mozilla Firebird(0.7 AFAIK), and possibly others, is flawed. It allows a malicious HTML markupper to easily pop up popups on the affected clients. The problem lies in the onmouseover handling of the img, input and possibly other elements. Or possibly in some other thing deeper in Mozilla. Just see the HTML testcase look for yourselves. Reproducible: Always Steps to Reproduce: 1. Go to affected site 2. Possibly hover over affected elements 3. ??? 4. Profit Actual Results: Goatse, tubgirl, penisbird, lemonpary, unnamed picture(pillowfight?), and one more all over the screen, reminded me of the good old days of using Internet Explorer. Luckily I'm quite immune to these pictures, the pain series are a little worse. Expected Results: Blocked the popups. HTML testcase coming...
|
Reporter | |
Comment 1•21 years ago
|
||
|
||
Comment 2•21 years ago
|
||
danm fixed this a few days ago. Now we only allow a window.open() from inside the following events: "change click dblclick error reset submit" This can be controlled via the "dom.popup_allowed_events" preference (that above string is the default value). *** This bug has been marked as a duplicate of 197919 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
|
||
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•