Closed Bug 300956 Opened 19 years ago Closed 19 years ago

Area used by Flash plugin repaints incorrectly during fastback

Categories

(Core Graveyard :: Plug-ins, defect)

PowerPC
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME
mozilla1.8beta4

People

(Reporter: jruderman, Assigned: bryner)

References

Details

(Whiteboard: [bfcache regression])

Steps to reproduce:
1. Load http://www.mozilla.org/.
2. In the same tab, load http://www.homestarrunner.com/sbemail.html.
3. Press Back.

Result: About 30% of the time, there's a white box and a black box covering
portions of http://www.mozilla.org/ in the same place as the Flash things on the
strong bad page.

Turning off fastback (setting browser.sessionhistory.max_viewers to 0) makes
this problem go away, so this bug might be due to fastback.

This bug might have security implications.  It at least allows an attacker to
cover part of a target site with a white box or a black box.  If the boxes can
contain more interesting graphics than a single solid color, or if the boxes can
be small and plentiful, this bug allows introducing new text onto the target
site, such as "bankofamerica.com has moved to bank.evil.com".

I am using:
* Mac OS X 10.4.2 (latest)
* Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4)
Gecko/20050715 Firefox/1.0+ (today's nightly build on Mac)
* Flash player 7,0,24,0 (latest).
Flags: blocking1.8b4?
Related to bug 277067.
Depends on: 277067
Sounds like a serious fastback blocker for Mac.
Assignee: nobody → bryner
Target Milestone: --- → mozilla1.8beta4
Flags: blocking1.8b4? → blocking1.8b4+
Whiteboard: [bfcache regression]
Whiteboard: [bfcache regression] → [bfcache regression] [sg:fix]
We need to ensure that we make a "SetWindow" call on the plugin (with the clip
rect set to empty) before displaying the new page. This is similar to the issue
that bug 277067 is about.

Do we really need the security flag on this bug?
Neither Simon nor myself have been able to reproduce this... can you provide any
more details that might help?
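
Added example, not part of the bug thread and not Gecko or Flash code: a small C model of the repaint problem and of the SetWindow-with-empty-clip-rect fix proposed above. The `Rect` field names follow NPAPI's `NPRect`; the `Plugin` struct, the character-grid screen and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the repaint problem; not Gecko or Flash code.
   Rect uses the same field names as NPAPI's NPRect. */
typedef struct { int top, left, bottom, right; } Rect;
typedef struct { Rect clip; char ink; } Plugin;   /* hypothetical plugin instance */

enum { W = 24, H = 6 };
static char screen[H][W];

/* Host side: what a SetWindow call conveys about the visible area. */
static void set_window(Plugin *p, Rect clip) { p->clip = clip; }

/* Plugin side: paints straight to the screen, trusting the last clip rect. */
static void plugin_paint(const Plugin *p) {
    for (int y = p->clip.top; y < p->clip.bottom; y++)
        for (int x = p->clip.left; x < p->clip.right; x++)
            screen[y][x] = p->ink;
}

static void host_paint_page(char content) { memset(screen, content, sizeof screen); }

/* Returns how many cells of the restored page end up covered by the plugin. */
int covered_after_back(int clear_clip_first) {
    Plugin flash = { {0, 0, 0, 0}, '#' };
    host_paint_page('a');                        /* page A: no plugins */
    host_paint_page('b');                        /* navigate to page B */
    set_window(&flash, (Rect){1, 4, 4, 14});     /* B places its plugin */
    plugin_paint(&flash);
    /* Back: B is kept alive in the cache, A is shown again. */
    if (clear_clip_first)
        set_window(&flash, (Rect){0, 0, 0, 0});  /* empty clip: nothing visible */
    host_paint_page('a');
    plugin_paint(&flash);                        /* cached plugin still animating */
    int covered = 0;
    for (int y = 0; y < H; y++)
        for (int x = 0; x < W; x++)
            covered += (screen[y][x] != 'a');
    return covered;
}

int main(void) {
    printf("stale clip rect: %d cells covered\n", covered_after_back(0));
    printf("empty clip rect: %d cells covered\n", covered_after_back(1));
    return 0;
}
```
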
WFM in Aug 3 builds and later.

july 15  bug
july 26  bug
aug  1   bug
aug  2   bug
aug  3   no bug
aug  4   no bug
aug  6   no bug

I'm curious whether other people see this bug in older builds (on Mac), and what
change fixed it.
Marking WFM, feel free to investigate the fix details further though.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Flags: blocking1.8b4+
Group: security
Whiteboard: [bfcache regression] [sg:fix] → [bfcache regression]
Product: Core → Core Graveyard