Closed Bug 265055 Opened 20 years ago Closed 20 years ago

textarea.select() can steal focus from other tabs

Categories

(SeaMonkey :: Tabbed Browser, defect)

Product:
SeaMonkey
Component:
Tabbed Browser
Version:
1.0 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: jst)

References

Details

(7 keywords)

Attachments

(2 files)

demo
710 bytes, text/html
Details
Fix.
1.55 KB, patch
bryner
: superreview+
chofmann
: approval-aviary+
mkaply
: approval1.7.5+
Details | Diff | Splinter Review
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041018 Firefox/1.0 textarea.select() steals focus from other tabs. (textbox.select() and textarea.focus() do not.) This is a security hole because it can cause typed information to go to a tab other than the selected one.
Attached file demo
Flags: blocking-aviary1.0?
Attached patch Fix.Splinter Review
Assignee: bryner → jst
Status: NEW → ASSIGNED
Attachment #162732 - Flags: superreview?(bryner)
Attachment #162732 - Flags: review?(bryner)
Flags: blocking-aviary1.0? → blocking-aviary1.0+
Comment on attachment 162732 [details] [diff] [review] Fix. This is not quite the same code as what's in nsHTMLInputElement::Select()... that code calls nsTextControlFrame::SetFocus even if the event was discarded. We probably want to change that code to be like this code, we don't want a partial focus.
Attachment #162732 - Flags: superreview?(bryner)
Attachment #162732 - Flags: superreview+
Attachment #162732 - Flags: review?(bryner)
Attachment #162732 - Flags: review+
Comment on attachment 162732 [details] [diff] [review] Fix. a=chofmann for the branch
Attachment #162732 - Flags: approval-aviary+
Fixed on the aviary branch, leaving bug open to track the issue the bryner pointed out as this gets merged onto the trunk...
Depends on: 124750
Keywords: fixed-aviary1.0
using the demo test here, this looks fixed with 2004102109-0.9+ on linux fc2.
also vrfy'd fixed on mac os x 10.3.5, 2004102107-0.9+ bits.
fixed on Windows too; FF build 2004-10-21-07-0.9
Making public because this bug has the same impact as bug 124750 and because there hasn't been a hotfix or release since 124750 was fixed.
Group: security
OS: Windows XP → All
Hardware: PC → All
Will this be checked in to the 1.7.x branch, too?
You might want to take a look at bug 265456. It describes a method in which you can still focus a textarea in a background tab, by using createEvent.
Whiteboard: need 1.7 fix
Is this the same bug as in bug 138646 only for a different function (textarea.select not textbox.blur)?
Can we get a 1.7 fix for this please?
Not a firefox specific bug.
Product: Firefox → Core
Comment on attachment 162732 [details] [diff] [review] Fix. This patch fixes this for SeaMonkey as well. Requesting 1.7.5 approval.
Attachment #162732 - Flags: approval1.7.5?
Comment on attachment 162732 [details] [diff] [review] Fix. a=mkaply for 1.7.5 checkin
Attachment #162732 - Flags: approval1.7.5? → approval1.7.5+
Keywords: fixed1.7.5
Flags: review+
Whiteboard: need 1.7 fix
Has this landed on the trunk? If so why is it still open?
Whiteboard: [sg:fix] need trunk
This was checked into the trunk 2004-11-04
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Product: Core → SeaMonkey
Keywords: csec-disclosure, csec-spoof, sec-moderate
Whiteboard: [sg:fix] need trunk
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: