Closed
Bug 300956
Opened 20 years ago
Closed 19 years ago
Area used by Flash plugin repaints incorrectly during fastback
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
mozilla1.8beta4
People
(Reporter: jruderman, Assigned: bryner)
References
Details
(Whiteboard: [bfcache regression])
Steps to reproduce:
1. Load http://www.mozilla.org/.
2. In the same tab, load http://www.homestarrunner.com/sbemail.html.
3. Press Back.
Result: About 30% of the time, there's a white box and a black box covering
portions of http://www.mozilla.org/ in the same place as the Flash things on the
strong bad page.
Turning off fastback (setting browser.sessionhistory.max_viewers to 0) makes
this problem go away, so this bug might be due to fastback.
This bug might have security implications. It at least allows an attacker to
cover part of a target site with a white box or a black box. If the boxes can
contain more interesting graphics than a single solid color, or if the boxes can
be small and plentiful, this bug allows introducing new text onto the target
site, such as "bankofamerica.com has moved to bank.evil.com".
I am using:
* Mac OS X 10.4.2 (latest)
* Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4)
Gecko/20050715 Firefox/1.0+ (today's nightly build on Mac)
* Flash player 7,0,24,0 (latest).
|
Reporter | |
Updated•20 years ago
|
Flags: blocking1.8b4?
|
Assignee | |
Comment 2•20 years ago
|
||
Sounds like a serious fastback blocker for Mac.
Assignee: nobody → bryner
Target Milestone: --- → mozilla1.8beta4
|
||
Updated•20 years ago
|
Flags: blocking1.8b4? → blocking1.8b4+
|
||
Updated•20 years ago
|
Whiteboard: [bfcache regression]
|
|
Reporter | |
Updated•20 years ago
|
Whiteboard: [bfcache regression] → [bfcache regression] [sg:fix]
|
||
Comment 3•19 years ago
|
||
We need to ensure that we make a "SetWindow" call on the plugin (with the clipo
rect set to empty) before displaying the new page. This is similar to the issue
that bug 277067 is about.
Do we really need the security flag on this bug?
|
|
Assignee | |
Comment 4•19 years ago
|
||
Neither Simon or myself have been able to reproduce this... can you provide any
more details that might help?
|
|
Reporter | |
Comment 5•19 years ago
|
||
WFM in Aug 3 builds and later.
july 15 bug
july 26 bug
aug 1 bug
aug 2 bug
aug 3 no bug
aug 4 no bug
aug 6 no bug
I'm curious whether other people see this bug in older builds (on Mac), and what
change fixed it.
|
||
Comment 6•19 years ago
|
||
Marking WFM, feel free to investigate the fix details further though.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
|
|
||
Updated•19 years ago
|
Flags: blocking1.8b4+
|
||
Updated•19 years ago
|
Group: security
|
|
||
Updated•19 years ago
|
Whiteboard: [bfcache regression] [sg:fix] → [bfcache regression]
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•