security and download dialogs can be spoofed by covering them partially using popup windows

RESOLVED FIXED

Status

SeaMonkey
General
--
major
RESOLVED FIXED
13 years ago
12 years ago

People

(Reporter: dveditz, Assigned: dveditz)

Tracking

(Blocks: 1 bug, {fixed1.7.6})

1.7 Branch
All
Windows XP
fixed1.7.6
Dependency tree / graph
Bug Flags:
blocking1.7.6 +

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

5.75 KB, patch
Christopher Aillon (sabbatical, not receiving bugmail)
: review+
neil@parkwaycc.co.uk
: superreview+
Christopher Aillon (sabbatical, not receiving bugmail)
: approval1.7.6+
Details | Diff | Splinter Review
(Assignee)

Description

13 years ago
This is the Suite version of "firespoofing" bug 260560.
(Assignee)

Comment 1

13 years ago
when porting the fixes from bug 260560 watch out for regression 282872
Flags: blocking1.7.6+
(Assignee)

Updated

13 years ago
Flags: blocking1.8b2?
Ping.  Time running out for 1.7.6, but we really need this fix.  Dveditz, if you
don't have time to do this work, feel free to assign to me.
(Assignee)

Comment 3

13 years ago
Created attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

This patch ports the fixes from Firefox bug 260560 (including regression fix
bug 282872), plus the always-on status bar from bug 22183 that will prevent
similar spoofing in any other dialogs we haven't explicitly fixed with this
patch.
(Assignee)

Updated

13 years ago
Attachment #176979 - Flags: superreview?(neil.parkwaycc.co.uk)
Attachment #176979 - Flags: review?(caillon)
Attachment #176979 - Flags: approval1.7.6?
Comment on attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

Looks good.  r=me assuming you've tested it.
Attachment #176979 - Flags: review?(caillon) → review+

Comment 5

13 years ago
Comment on attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

>+    var script = "document.documentElement.getButton('accept').disabled = false; ";
>+    script += "document.documentElement.getButton('extra1').disabled = false; ";
>+    script += "document.documentElement.getButton('extra2').disabled = false;";
>+    setTimeout(script, 250);
This sure looks ugly, but it'll do for the branch.

>+         this._timer.initWithCallback(this, 250, nsITimer.TYPE_ONE_SHOT);
You've got a leak here; the timer holds a reference to this and this holds a
reference to the timer. You'll need to null out your _timer reference in
notify(). (In theory you could replace _delayExpired with !_timer).

sr=me for the branch with this fixed.
Attachment #176979 - Flags: superreview?(neil.parkwaycc.co.uk) → superreview+
Comment on attachment 176979 [details] [diff] [review]
Port fix from 260560/282872 to the suite 1.7 branch

a=caillon for 1.7.6 with Neil's changes.
Attachment #176979 - Flags: approval1.7.6? → approval1.7.6+
(Assignee)

Comment 7

13 years ago
Fix checked in to trunk and 1.7 branch
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Keywords: fixed1.7.6
Resolution: --- → FIXED
Blocks: 285819

Comment 8

12 years ago
See:
https://bugzilla.mozilla.org/show_bug.cgi?id=260560#c37

Updated

12 years ago
Depends on: 295447

Comment 9

12 years ago
Bug 295447 explains why this is still a problem on GTK2 build.
You need to log in before you can comment on or make changes to this bug.