Closed Bug 304123 Opened 20 years ago Closed 2 years ago

[Linux] scripts can make browser window larger than screen

Categories

(Core :: Widget: Gtk, defect, P3)

x86
Linux
defect

RESOLVED DUPLICATE of bug 1745595

People

(Reporter: jaas, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: sec-low, Whiteboard: [sg:low spoof] firefox version)

I am under the impression that a script should not be able to move any part of a window's content/UI offscreen, and that being able to do that is a security problem. If I'm wrong about that, let me know. I'm new to this area of browser knowledge.
That said, the following js in the Firefox URL bar on Linux (Ubuntu 5.0.4, gnome, FF versions 1.0.2 and up, didn't try earlier) will actually cause the window to become 2000x2000 pixels, which puts large parts of content offscreen.
javascript: window.resizeTo(2000,2000)
At least on Mac OS X and Windows XP, you can't do that.
*** This bug has been marked as a duplicate of 104303 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Summary: scripts can make browser window larger than screen → [Linux] scripts can make browser window larger than screen
Group: security
bug 104303 is against the suite, and the fix might be separate for the two (browser.js vs navigator.js if it can't be solved at a lower level). I've also heard Firefox might remove the ability for scripts to resize windows with a different default pref setting, which might then be a firefox-only fix. Better to keep the bugs separate for now.
Status: RESOLVED → REOPENED
Depends on: 104303
Resolution: DUPLICATE → ---
Whiteboard: [sg:fix]
caillon: can you bail us out here on Linux? GTK is in need of some ownership love, but we'd settle for some babysitting on this case.
Flags: blocking1.8b5?
Mac version of this bug was bug 304089. It was major and blocking 1.8b5+ upgrading
Severity: normal → major
not a beta blocker but we'd consider a safe patch.
Flags: blocking1.8b5? → blocking1.8b5-
Whiteboard: [sg:fix] → [sg:spoof] firefox version
With the latest Linux Minefield "javascript: window.resizeTo(2000,2000);" merely causes the window to maximize.
Whiteboard: [sg:spoof] firefox version → [sg:low spoof] firefox version
WFM Ubuntu 9.0.4 and Firefox 3.0.9.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 16 years ago
Resolution: --- → WORKSFORME
window.resizeBy(1000000, 1000000) still allows you to make a browser window larger than screen.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Reproduced on Fedora 12 using test from bug 413277:
s: talos-r3-fed-025
13107 ERROR TEST-UNEXPECTED-FAIL | chrome://mochitests/content/chrome/widget/tests/test_bug413277.html | true - got 32767, expected 1280
13108 ERROR TEST-UNEXPECTED-FAIL | chrome://mochitests/content/chrome/widget/tests/test_bug413277.html | true - got 32767, expected 974
13109 ERROR TEST-UNEXPECTED-FAIL | chrome://mochitests/content/chrome/widget/tests/test_bug413277.html | true - got 100, expected 25
13110 ERROR TEST-UNEXPECTED-FAIL | chrome://mochitests/content/chrome/widget/tests/test_bug413277.html | true - got 100, expected 0
Component: General → Widget: Gtk
Product: Firefox → Core
QA Contact: general → gtk
QA Whiteboard: qa-not-actionable

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Severity: major → --

We fixed some similar issues in bug 1745595; this bug is old enough we probably need to refile the specific cases - if they still exist - and the Windowing system (X11 vs Wayland).

Status: REOPENED → RESOLVED
Closed: 16 years ago → 2 years ago
Duplicate of bug: CVE-2022-34479
Resolution: --- → DUPLICATE
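
A sketch of the clamping behaviour this thread expects, as an added example that is not Gecko code and not part of the bug report: a script's resize request is constrained to the screen's available area, so both resizeTo(2000,2000) and resizeBy(1000000,1000000) end at the screen size with the window fully on screen. The function names, the 100px minimum size and the 1280x975 work area are assumptions made for the illustration.

```javascript
// Added illustration; every name below is hypothetical, not a Gecko API.

// Clamp one axis so that [pos, pos + size] lies inside the available span.
function clampAxis(pos, size, areaStart, areaSize, minSize) {
  // NaN/Infinity requests fall back to safe defaults instead of propagating.
  if (!Number.isFinite(size)) size = minSize;
  if (!Number.isFinite(pos)) pos = areaStart;
  // Size first: never smaller than minSize, never larger than the area.
  size = Math.min(Math.max(Math.trunc(size), minSize), areaSize);
  // Then position: pull the window back so no edge is offscreen.
  const maxPos = areaStart + areaSize - size;
  pos = Math.min(Math.max(Math.trunc(pos), areaStart), maxPos);
  return [pos, size];
}

// Constrain a requested window rectangle to the screen's available area.
function constrainToScreen(rect, area, minSize = 100) {
  const [x, width] = clampAxis(rect.x, rect.width, area.left, area.width, minSize);
  const [y, height] = clampAxis(rect.y, rect.height, area.top, area.height, minSize);
  return { x, y, width, height };
}

// Script-facing requests modelled as going through the clamp.
function requestResizeTo(win, w, h, area) {
  return constrainToScreen({ x: win.x, y: win.y, width: w, height: h }, area);
}

function requestResizeBy(win, dw, dh, area) {
  // Huge deltas are added first and clamped afterwards, so
  // resizeBy(1000000, 1000000) cannot bypass the limit applied to resizeTo.
  return requestResizeTo(win, win.width + dw, win.height + dh, area);
}

// Constructed sample: 1280x975 work area below a 25px panel.
const SAMPLE_AREA = { left: 0, top: 25, width: 1280, height: 975 };
const SAMPLE_WIN = { x: 100, y: 100, width: 800, height: 600 };

console.log(requestResizeTo(SAMPLE_WIN, 2000, 2000, SAMPLE_AREA));
console.log(requestResizeBy(SAMPLE_WIN, 1000000, 1000000, SAMPLE_AREA));
```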