Closed
Bug 304124
Opened 20 years ago
Closed 10 years ago
scripts can move content/UI offscreen
Categories
(Camino Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: jaas, Unassigned)
References
()
Details
(Whiteboard: not quite spoofing)
playing it safe, marking this as a security bug
Enter the following into the Camino URL bar:
javascript: window.resizeTo(2000,2000)
Notice the height is constrained, but the width can actually become 2000,
putting the right side of the window off the screen. This can hide content and
our security UI.
Looks like we don't implement ConstrainPosition() in nsCocoaWindow.mm
|
||
Comment 1•20 years ago
|
||
Camino doesn't use nsCocoaWindow.mm; we need to do this in Camino code.
|
|
||
Comment 2•20 years ago
|
||
I don't think this is is quite so bad, since
1. we have a pref to not change the size/postion of windows (is this on by
default?)
2. the user can always click the green to resize the window back so that it
fits on screen.
|
||
Comment 3•20 years ago
|
||
> 2. the user can always click the green to resize the window back so that it
> fits on screen.
The concern is that users won't notice that the "real" status bar is off of the
screen while the web page shows something that looks like a status bar.
Blocks: 180747
|
||
Updated•20 years ago
|
Whiteboard: [sg:fix]
|
|
||
Updated•19 years ago
|
Whiteboard: [sg:fix] → [sg:low] spoof
|
||
Comment 5•19 years ago
|
||
but the status bar is still visible, as is the yellow/non-yellow-ness of the url bar. i'm confused how they could hide the status bar.
|
|
||
Comment 6•18 years ago
|
||
CC'ing smorgan per request on #foxymonkies
|
||
Comment 7•18 years ago
|
||
(In reply to comment #3)
> The concern is that users won't notice that the "real" status bar is off of the
> screen while the web page shows something that looks like a status bar.
How is this possible with a constrained height? Without a demonstration/explanation of how there could be a spoof here, I'm not seeing how this is a security issue as opposed to a minor annoyance.
|
|
||
Comment 8•18 years ago
|
||
I misunderstood the bug when I added comment 3. Making public.
Group: security
Whiteboard: [sg:low] spoof → [sg:low] not quite spoofing
Setting this for 1.2, but if I've misunderstood the severity, please retarget.
QA Contact: general
Target Milestone: --- → Camino1.2
|
|
||
Updated•18 years ago
|
Whiteboard: [sg:low] not quite spoofing → not quite spoofing
|
Reporter | |
Comment 10•18 years ago
|
||
Over to smorgan, I'm not going to be able to look into this and fix it or make a decision about it any time soon.
Assignee: joshmoz → stuart.morgan
|
|
||
Updated•18 years ago
|
Assignee: stuart.morgan → nobody
Target Milestone: Camino1.6 → ---
|
||
Updated•16 years ago
|
Hardware: PowerPC → All
|
||
Comment 11•10 years ago
|
||
This bug has been buried in the graveyard and has not been updated in over 5 years. It is probably safe to assume that it will never be fixed, so resolving as WONTFIX.
[Mass-change filter: graveyard-wontfix-2014-09-24]
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•