The default bug view has changed. See this FAQ.

textarea.select() can steal focus from other tabs

RESOLVED FIXED

Status

SeaMonkey
Tabbed Browser
RESOLVED FIXED
13 years ago
4 years ago

People

(Reporter: Jesse Ruderman, Assigned: jst)

Tracking

(7 keywords)

1.0 Branch
csectype-disclosure, csectype-spoof, fixed-aviary1.0, fixed1.4.4, fixed1.7.5, sec-moderate, testcase
Bug Flags:
blocking-aviary1.0 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

710 bytes, text/html
Details
1.55 KB, patch
Brian Ryner (not reading)
: superreview+
chris hofmann
: approval-aviary+
Details | Diff | Splinter Review
(Reporter)

Description

13 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041018 Firefox/1.0

textarea.select() steals focus from other tabs.  (textbox.select() and
textarea.focus() do not.)  This is a security hole because it can cause typed
information to go to a tab other than the selected one.
(Reporter)

Comment 1

13 years ago
Created attachment 162574 [details]
demo
(Reporter)

Updated

13 years ago
Flags: blocking-aviary1.0?
(Assignee)

Comment 2

13 years ago
Created attachment 162732 [details] [diff] [review]
Fix.
Assignee: bryner → jst
Status: NEW → ASSIGNED
(Assignee)

Updated

13 years ago
Attachment #162732 - Flags: superreview?(bryner)
Attachment #162732 - Flags: review?(bryner)

Updated

13 years ago
Flags: blocking-aviary1.0? → blocking-aviary1.0+
Comment on attachment 162732 [details] [diff] [review]
Fix.

This is not quite the same code as what's in nsHTMLInputElement::Select()...
that code calls nsTextControlFrame::SetFocus even if the event was discarded.
We probably want to change that code to be like this code, we don't want a
partial focus.
Attachment #162732 - Flags: superreview?(bryner)
Attachment #162732 - Flags: superreview+
Attachment #162732 - Flags: review?(bryner)
Attachment #162732 - Flags: review+

Comment 4

13 years ago
Comment on attachment 162732 [details] [diff] [review]
Fix.

a=chofmann for the branch
Attachment #162732 - Flags: approval-aviary+
(Assignee)

Comment 5

13 years ago
Fixed on the aviary branch, leaving bug open to track the issue the bryner
pointed out as this gets merged onto the trunk...
Depends on: 124750
Keywords: fixed-aviary1.0
using the demo test here, this looks fixed with 2004102109-0.9+ on linux fc2.
also vrfy'd fixed on mac os x 10.3.5, 2004102107-0.9+ bits.

Comment 8

13 years ago
fixed on Windows too; FF build 2004-10-21-07-0.9
(Reporter)

Comment 9

13 years ago
Making public because this bug has the same impact as bug 124750 and because
there hasn't been a hotfix or release since 124750 was fixed.
Group: security
OS: Windows XP → All
Hardware: PC → All

Comment 10

13 years ago
Will this be checked in to the 1.7.x branch, too?
You might want to take a look at bug 265456. It describes a method in which you
can still focus a textarea in a background tab, by using createEvent.
Whiteboard: need 1.7 fix

Comment 12

13 years ago
Is this the same bug as in bug 138646 only for a different function
(textarea.select not textbox.blur)?

Comment 13

13 years ago
Can we get a 1.7 fix for this please?
(Assignee)

Comment 14

13 years ago
Not a firefox specific bug.
Component: Tabbed Browser → Tabbed Browser
Product: Firefox → Core
(Assignee)

Comment 15

13 years ago
Comment on attachment 162732 [details] [diff] [review]
Fix.

This patch fixes this for SeaMonkey as well. Requesting 1.7.5 approval.
Attachment #162732 - Flags: approval1.7.5?

Comment 16

13 years ago
Comment on attachment 162732 [details] [diff] [review]
Fix.

a=mkaply for 1.7.5 checkin
Attachment #162732 - Flags: approval1.7.5? → approval1.7.5+
(Assignee)

Updated

13 years ago
Keywords: fixed1.7.5
Flags: review+
Whiteboard: need 1.7 fix
Has this landed on the trunk? If so why is it still open?
Whiteboard: [sg:fix] need trunk
This was checked into the trunk 2004-11-04
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
Keywords: fixed1.4.4
Product: Core → SeaMonkey
(Reporter)

Updated

4 years ago
Keywords: csec-disclosure, csec-spoof, sec-moderate
Whiteboard: [sg:fix] need trunk
You need to log in before you can comment on or make changes to this bug.