Last Comment Bug 283103 - security and download dialogs can be spoofed by covering them partially using popup windows
: security and download dialogs can be spoofed by covering them partially using...
Status: RESOLVED FIXED
: fixed1.7.6
Product: SeaMonkey
Classification: Client Software
Component: General (show other bugs)
: 1.7 Branch
: All Windows XP
: -- major (vote)
: ---
Assigned To: Daniel Veditz [:dveditz]
:
:
Mentors:
http://www.mikx.de/firespoofing/
Depends on: 260560 295447
Blocks: 285819
  Show dependency treegraph
 
Reported: 2005-02-21 18:44 PST by Daniel Veditz [:dveditz]
Modified: 2006-03-12 18:19 PST (History)
4 users (show)
dveditz: blocking1.7.6+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Port fix from 260560/282872 to the suite 1.7 branch (5.75 KB, patch)
2005-03-09 21:59 PST, Daniel Veditz [:dveditz]
caillon: review+
neil: superreview+
caillon: approval1.7.6+
Details | Diff | Splinter Review

Description Daniel Veditz [:dveditz] 2005-02-21 18:44:49 PST
This is the Suite version of "firespoofing" bug 260560.
Comment 1 Daniel Veditz [:dveditz] 2005-02-21 18:49:56 PST
when porting the fixes from bug 260560 watch out for regression 282872
Comment 2 Christopher Aillon (sabbatical, not receiving bugmail) 2005-03-07 13:20:34 PST
Ping.  Time running out for 1.7.6, but we really need this fix.  Dveditz, if you
don't have time to do this work, feel free to assign to me.
Comment 3 Daniel Veditz [:dveditz] 2005-03-09 21:59:08 PST
Created attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

This patch ports the fixes from Firefox bug 260560 (including regression fix
bug 282872), plus the always-on status bar from bug 22183 that will prevent
similar spoofing in any other dialogs we haven't explicitly fixed with this
patch.
Comment 4 Christopher Aillon (sabbatical, not receiving bugmail) 2005-03-09 22:46:35 PST
Comment on attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

Looks good.  r=me assuming you've tested it.
Comment 5 neil@parkwaycc.co.uk 2005-03-10 01:45:09 PST
Comment on attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

>+    var script = "document.documentElement.getButton('accept').disabled = false; ";
>+    script += "document.documentElement.getButton('extra1').disabled = false; ";
>+    script += "document.documentElement.getButton('extra2').disabled = false;";
>+    setTimeout(script, 250);
This sure looks ugly, but it'll do for the branch.

>+         this._timer.initWithCallback(this, 250, nsITimer.TYPE_ONE_SHOT);
You've got a leak here; the timer holds a reference to this and this holds a
reference to the timer. You'll need to null out your _timer reference in
notify(). (In theory you could replace _delayExpired with !_timer).

sr=me for the branch with this fixed.
Comment 6 Christopher Aillon (sabbatical, not receiving bugmail) 2005-03-10 05:40:14 PST
Comment on attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

a=caillon for 1.7.6 with Neil's changes.
Comment 7 Daniel Veditz [:dveditz] 2005-03-10 14:28:17 PST
Fix checked in to trunk and 1.7 branch
Comment 9 Ginn Chen 2005-05-25 01:14:05 PDT
Bug 295447 explains why this is still a problem on GTK2 build.

Note You need to log in before you can comment on or make changes to this bug.