286966 - Java is temporarily enabled when viewing a webpage from bookmarks

Status: RESOLVED WORKSFORME

(SeaMonkey :: Security, defect)

Description

[Rottman3D]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217

I have Java disabled. If I type in a web address Java does not function. When I
go to www.homestarrunner.com from my bookmarks the Flash movies play just fine
and for the rest of my mozilla session Java works on all web pages.

Reproducible: Always

Steps to Reproduce:
1.Disable Java
2.Go to a Java or flash site, to confirm java is off
3.load a flash page from you bookmarks
4.Go to java or flash site from step 2

Actual Results:  
Mozilla ignore the setting to disable java and flash begins to play again.

Expected Results:  
Ignored flash and Java

This "could" be used to trick newbies into running malicious java or flash on
their machine. Likely this will not be a big problem given the steps needed to
recreate it, but I'm not one to create any more problems no matter how small.

Comment 1

[Daniel Veditz [:dveditz]]

I cannot reproduce this behavior bookmarking a java test page
(http://www.java.com/en/download/help/testvm.xml) and homestarrunner and going
back and forth.

Do you have any extensions installed?

Clearing confidential flag. Bypassing the Java-enabled setting would not itself
be a security hole, though of course it could be a stepping stone to one if
someone had a vulnerable version of Java installed.

Let's see if anyone else can reproduce this.

Comment 2

[Jesse Ruderman]

Rottman, what URLs did you use in steps 2 and 4 in order to reproduce this bug?

Perhaps you're confusing Flash and Java?  Firefox has an option to disable Java,
but Homestarrunner mostly uses Flash, not Java.

Comment 3

[Jesse Ruderman]

Marking WFM based on comment 1 and comment 2. Rottman3D@yahoo.com, please reopen
if you can still reproduce in a new version of Mozilla.