scripts can move content/UI offscreen

RESOLVED WONTFIX

Status

Camino Graveyard
General
RESOLVED WONTFIX
13 years ago
3 years ago

People

(Reporter: Josh Aas, Unassigned)

Tracking

Details

(Whiteboard: not quite spoofing, URL)

(Reporter)

Description

13 years ago
playing it safe, marking this as a security bug

Enter the following into the Camino URL bar:

javascript: window.resizeTo(2000,2000)

Notice the height is constrained, but the width can actually become 2000,
putting the right side of the window off the screen. This can hide content and
our security UI.

Looks like we don't implement ConstrainPosition() in nsCocoaWindow.mm

Comment 1

13 years ago
Camino doesn't use nsCocoaWindow.mm; we need to do this in Camino code.

Comment 2

13 years ago
I don't think this is is quite so bad, since
1. we have a pref to not change the size/postion of windows (is this on by
   default?)
2. the user can always click the green to resize the window back so that it
   fits on screen.

Comment 3

13 years ago
> 2. the user can always click the green to resize the window back so that it
>   fits on screen.

The concern is that users won't notice that the "real" status bar is off of the
screen while the web page shows something that looks like a status bar.

Blocks: 180747
Whiteboard: [sg:fix]
Whiteboard: [sg:fix] → [sg:low] spoof
(Reporter)

Comment 4

12 years ago
Can we drop security status on this bug?
but the status bar is still visible, as is the yellow/non-yellow-ness of the url bar. i'm confused how they could hide the status bar.
(Reporter)

Updated

12 years ago
Assignee: sfraser_bugs → joshmoz
CC'ing smorgan per request on #foxymonkies

Comment 7

11 years ago
(In reply to comment #3)
> The concern is that users won't notice that the "real" status bar is off of the
> screen while the web page shows something that looks like a status bar.

How is this possible with a constrained height?  Without a demonstration/explanation of how there could be a spoof here, I'm not seeing how this is a security issue as opposed to a minor annoyance.

Comment 8

11 years ago
I misunderstood the bug when I added comment 3.  Making public.
Group: security
Whiteboard: [sg:low] spoof → [sg:low] not quite spoofing
Setting this for 1.2, but if I've misunderstood the severity, please retarget.
QA Contact: general
Target Milestone: --- → Camino1.2
Whiteboard: [sg:low] not quite spoofing → not quite spoofing
(Reporter)

Comment 10

11 years ago
Over to smorgan, I'm not going to be able to look into this and fix it or make a decision about it any time soon.
Assignee: joshmoz → stuart.morgan

Updated

11 years ago
Assignee: stuart.morgan → nobody
Target Milestone: Camino1.6 → ---

Updated

9 years ago
Hardware: PowerPC → All
This bug has been buried in the graveyard and has not been updated in over 5 years. It is probably safe to assume that it will never be fixed, so resolving as WONTFIX.

[Mass-change filter: graveyard-wontfix-2014-09-24]
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.