Closed
Bug 294323
Opened 20 years ago
Closed 20 years ago
function onFullScreen() should check for untrusted events
Categories
(Firefox :: Security, defect)
RESOLVED
FIXED
People
(Reporter: bugs, Assigned: dveditz)
Details
(Keywords: fixed-aviary1.0.5, fixed1.7.9, Whiteboard: [sg:dos] fixed by 289940)
Attachments
(1 file)
521 bytes, text/html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Go to http://www.krickelkrackel.de/testing/fullscreen.htm
and see some toolbars and the statusbar go away.
I don't know if this is security related, but it makes
spoofing easier.
Reproducible: Always
Actual Results:
Missing chrome.
Expected Results:
I think that this should not be possible.
Comment 1 (Assignee) • 20 years ago
You're right this shouldn't happen, but it's more of an annoyance than a
security exploit. Might be fairly permanent though: most users probably don't
know about fullscreen mode and wouldn't be able to figure out how to get their
toolbars or menus back (F11 twice) -- especially since any hints on the View
menu are invisible too.
When bug 289940 is fixed this should get fixed for free, but leaving open so we
remember to retest to be sure.
Assignee: nobody → dveditz
Status: UNCONFIRMED → NEW
Depends on: 289940
Ever confirmed: true
Whiteboard: [sg:dos]
Comment 2 • 20 years ago
bug 289940 _is_ fixed.
Comment 3 (Assignee) • 20 years ago
This is fixed on the trunk.
*** This bug has been marked as a duplicate of 289940 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dos] → [sg:dupe 289940]
Comment 4 (Assignee) • 20 years ago
Bug 289940 isn't going to land on the branch, reopening for reconsideration.
Status: RESOLVED → REOPENED
Flags: blocking-aviary1.0.5?
Resolution: DUPLICATE → ---
Whiteboard: [sg:dupe 289940] → [sg:fix]
Updated (Assignee) • 20 years ago
Whiteboard: [sg:fix] → [sg:dos]
Comment 5 (Assignee) • 20 years ago
OK, looks like bug 289940 is wanted on the branch. Either way, plussing to make
sure this one is fixed one way or the other
Flags: blocking-aviary1.0.5? → blocking-aviary1.0.5+
Whiteboard: [sg:dos] → [sg:dos] fixed by 289940
Comment 6 (Assignee) • 20 years ago
This is fixed on the trunk by bug 289940. I didn't need to reopen to keep in
consideration for a 1.0-branch fix, the blocking flag takes care of that.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED
Comment 7 (Assignee) • 20 years ago
Comment 8 (Assignee) • 20 years ago
fix for bug 289940 checked into aviary and mozilla 1.7 branches
Keywords: fixed-aviary1.0.5, fixed1.7.9
Comment 9 • 20 years ago
v.fixed on aviary with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9)
Gecko/20050706 Firefox/1.0.5 using original testcase.
Comment 10 (Assignee) • 20 years ago
Adding distributors
Comment 12 (Reporter) • 20 years ago
Thanks for fixing!
Updated • 19 years ago
Flags: testcase+
Updated • 18 years ago
Flags: in-testsuite+ → in-testsuite?
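The check the bug title asks for, sketched as an added example (not Firefox source and not the patch from bug 289940, which this page does not show). It assumes the DOM `isTrusted` property; the `ChromeWindow` class, the `"fullscreen"` event name and the helper functions are hypothetical.

```javascript
// Added illustration; not Firefox source. All names here are hypothetical.
class ChromeWindow extends EventTarget {
  constructor() {
    super();
    this.fullScreen = false;   // false = toolbars and status bar visible
    this.rejected = [];        // audit trail of refused untrusted events
    this.addEventListener("fullscreen", (e) => this.onFullScreen(e));
  }

  // Privileged handler: toggling it hides or restores browser chrome.
  onFullScreen(event) {
    // Events built by page script and sent through dispatchEvent() carry
    // isTrusted === false; only browser-generated events are trusted.
    if (event.isTrusted !== true) {
      this.rejected.push(event.type);
      return false;            // refuse, leave chrome untouched
    }
    this.fullScreen = !this.fullScreen;
    return true;
  }
}

// The untrusted path: content creates an event and dispatches it.
function contentDispatch(win) {
  win.dispatchEvent(new Event("fullscreen"));
  return win.fullScreen;
}

// Constructed stand-in for a browser-generated (user-initiated) event.
function userToggle(win) {
  return win.onFullScreen({ type: "fullscreen", isTrusted: true });
}

const demo = new ChromeWindow();
console.log("after synthetic event:", contentDispatch(demo), demo.rejected);
console.log("after user toggle:", userToggle(demo), demo.fullScreen);
```
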