Context menu displays all possible options on image <object>

VERIFIED FIXED in Firefox1.5

Status

()

Firefox
General
VERIFIED FIXED
13 years ago
12 years ago

People

(Reporter: Marcus Campbell, Assigned: Jesse Ruderman)

Tracking

({fixed1.8})

unspecified
Firefox1.5
fixed1.8
Points:
---
Bug Flags:
blocking1.8b5 +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:fix], URL)

Attachments

(3 attachments, 1 obsolete attachment)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041004 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041004 Firefox/0.10.1

Right-clicking the space beneath the Flash animation in the window for the Games
section of Lionhead Studio's website -- http://www.lionhead.com/index2.html -- 
produces a context menu that appears to display all possible options, not just
those for a webpage.

Reproducible: Sometimes
Steps to Reproduce:
1. Go to http://www.lionhead.com/index2.html
2. Click Games to open the pop-up window
3. Right-click the very bottom-left of the window contents.

Actual Results:  
A context menu appeared with irrelevant options.

Expected Results:  
The normal context menu for webpages should appear.
(Reporter)

Comment 1

13 years ago
Created attachment 161468 [details]
Screenshot
(Reporter)

Comment 2

13 years ago
Just to clarify, I deactivated my installed extensions (EditCSS, WeatherFox and
LiveBookmarkThis) and was still able to reproduce the problem.
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041008
Firefox/0.10

confirming

seeing the same + the whole arsenal of options from AdBlock
but if i open the page for a second time i get the normal context menu

Comment 4

13 years ago
Created attachment 173566 [details]
context menu bug

FF context menu bug

Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107
Firefox/1.0

Comment 5

13 years ago
Found this same problem while developing an extension. After researching a bit,
discovered that the error arises when you right click on an OBJECT tag that
doesn't have the "type" attribute, like :

<object data="image.png">Test</object>

This causes an error in line 4142 of browser.js because local var type is null.
A quick fix could be to replace that line with :

if ( type && type.substring( 0, 6 ) == "image/" && data) {

just to avoid this error when type is null, although I suspect that the type
attribute for the <object> should contain a valid value and that could be the
real bug.

Comment 6

13 years ago
I too see this bug ( WinXP w/ Firefox 1.0.4 ) - it would not be quite as annoying 
if the context menu would check the screen co-ordinates and draw itself
on-screen, rather than the top of the menu getting "cut-off" & rendered
inaccessible. As I use a fairly large # of plugins, I believe this may still be
an issue even after the issue of irrelevant menu items appearing is fixed. If
possible, please advise whether this should be entered as a separate bug-report.
Thanks!!!
(Assignee)

Updated

13 years ago
Assignee: firefox → jruderman
(Assignee)

Comment 7

13 years ago
The URL in comment 0 is gone, so I'm morphing this bug to cover comment 5.  This
might be a security hole.
Summary: Context menu displays all possible options → Context menu displays all possible options on <object> without type attribute
Target Milestone: --- → Firefox1.5
OS: Windows 2000 → All
Hardware: PC → All
(Assignee)

Updated

13 years ago
Blocks: 305380
(Assignee)

Updated

13 years ago
Summary: Context menu displays all possible options on <object> without type attribute → Context menu displays all possible options on image <object>
(Assignee)

Comment 8

13 years ago
Created attachment 193331 [details] [diff] [review]
fix this bug, make Set Desktop Background work with <objects>, and fix bug 305380
(Assignee)

Updated

13 years ago
Attachment #193331 - Attachment description: make Set Desktop Background work with <objects> and fix bug 305380 → fix this bug, make Set Desktop Background work with <objects>, and fix bug 305380
(Assignee)

Comment 9

13 years ago
The problem was that disableSetDesktopBackground assumed the image had its URL
in the src attribute.  The patch changes disableSetDesktopBackground, and other
code related to setting the desktop background, to use
nsIImageLoadingContent::currentURI instead.
(Assignee)

Comment 10

13 years ago
Created attachment 193333 [details] [diff] [review]
same patch, but using schemeIs
Attachment #193331 - Attachment is obsolete: true
(Assignee)

Updated

13 years ago
Attachment #193333 - Flags: review?(mconnor)
(Assignee)

Comment 11

13 years ago
Nominating to block beta because the patch fixes bug 305380.
Flags: blocking1.8b4?

Updated

13 years ago
Whiteboard: [needs review mconnor]

Updated

13 years ago
Attachment #193333 - Flags: review?(mconnor) → review+
(Assignee)

Updated

13 years ago
Attachment #193333 - Flags: approval1.8b4?
(Assignee)

Updated

13 years ago
Whiteboard: [needs review mconnor]
plussing for possible security impact per comment 7
Flags: blocking1.8b4? → blocking1.8b4+
(Assignee)

Comment 13

13 years ago
This patch fixes two potential security holes:
* Some items being enabled on the context menu that shouldn't be enabled, due to
the uncaught exception.  This is what comment 7 alluded to.
* Bug 305380.

It also fixes two other issues:
* Too many items appear on the context menu, due to the uncaught exception.
* Can't set desktop background from image <object>.
Whiteboard: [sg:fix]

Updated

13 years ago
Attachment #193333 - Flags: approval1.8b4? → approval1.8b4+
(Assignee)

Comment 14

13 years ago
Fixed trunk and Gecko 1.8 branch.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Keywords: fixed1.8
Resolution: --- → FIXED
(Reporter)

Updated

12 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.