Closed
Bug 323256
Opened 20 years ago
Closed 20 years ago
quick search doesn't hit form submission warning
Categories
(Firefox :: Search, defect)
Firefox
Search
Tracking
()
VERIFIED
WONTFIX
People
(Reporter: el3000, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Any quick search allows bypass of user prompt asking for permission to send information to the internet.
Reproducible: Always
Steps to Reproduce:
1. Log in from a new profile.
2. Perform a quick search.
3. No prompt to confirm that it is OK to send information to the internet.
4. Malicious user could exploit this.
Actual Results:
No prompt asking user for permission to send information over internet.
Expected Results:
Prompt should appear asking user permission to send information over internet, just as if operation was performed without quick search.
|
||
Comment 1•20 years ago
|
||
Not a security exploit, possibly privacy, but if you type data into the search box and hit enter, its pretty obvious you're sending information somewhere. The form submit is not quite as obvious in many cases.
Beltzner, any thoughts here? (its too early/late, but I'm thinking WONTFIX)
Group: security
Component: Security → Search
QA Contact: firefox → search
Summary: quick search potential security hole → quick search doesn't hit form submission warning
|
||
Comment 2•20 years ago
|
||
This will be more clear when we get the grey background text in the search bar saying "search with google" or whatever. The "send information to the internet" is a warning to prevent people from inadvertantly sending information to cover malicious use. None of the quicksearches we include really fall into that category - if they did, that'd be a whole different class of bug.
Finally, doing this would make a pretty disastrous out of the box user experience. Download, try to search, get a "oh noes! you're sending information out on the internets!". Ick. :)
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
|
||
Comment 3•19 years ago
|
||
*** Bug 238235 has been marked as a duplicate of this bug. ***
|
||
Comment 4•19 years ago
|
||
*** Bug 238235 has been marked as a duplicate of this bug. ***
|
|
||
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
|
|
||
Comment 5•19 years ago
|
||
*** Bug 356276 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•