User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:126.96.36.199) Gecko/20070309 Firefox/188.8.131.52 It appears that it is possible that Flash objects recieve input events, even though you might be looking at a completely different page. Reproducible: Always Steps to Reproduce: 1. Go to http://homestarrunner.com/trogdor.html 2. Start a new game, press space to pause. 3. Open a new tab, and go somewhere else (say google.com) 4. Press space, and (optionally) arrow keys and letters. Everything appears to be working. 5. Switch back to the game tab to see that the game has become unpaused, and that your character has moved. Actual Results: The game becomes unpaused and your character moves around. Expected Results: The game should remain paused, because the game should never see the keyboard input events while you are viewing a different page. Theoretically, this could be exploited to say, steal credit card numbers.
Oh, my flash version may be helpful. Here it is from about:plugins: File name: Flash Player Enabler.plugin Shockwave Flash 9.0 r19 File name: Flash Player.plugin Shockwave Flash 7.0 r24 Hmm... that's odd, apparently I have two versions of Flash floating around...
works for me on linux with flash 9 r31 and windows with flash 9 r45. Try removing your old flash installs and installing the latest to see if you can reproduce.
I removed the older flash version and updated to flash 9 r45, and the problem still exists. Apparently it's a mac-only problem. Also, I forgot to mention that Safari does not have this issue.
Component: Security → Plug-ins
Product: Firefox → Core
QA Contact: firefox → plugins
Are you still seeing this bug? I don't think I can reproduce it using Firefox trunk on Intel Mac OS X 10.4 with Flash 9,0,115,0. Can you be more specific in your steps to reproduce? Exactly what do you click on or press to open a new tab, etc?
Leon, can you retest using Firefox 3 or later? Do you still see this bug? dveditz thinks this might have been fixed by the switch from Carbon to Cocoa.
Related to http://secunia.com/advisories/12403/ ? I think we have a problem with Carbon-based plugins, but they're fixed in FF3
Yes, it does appear to be fixed in FF3. I did not try the latest 2.0 version though.
The advisory Daniel linked to might be related. This problem did not appear when I opened the other website in a new window, it was specific to tabs.
Also, I observed this with PPC Macs. (And re-tested on a PPC Macintosh) I'm pretty sure I opened a tab with option-t, as I never click on the menu. I sort of doubt it would make a difference though, but I don't know. I didn't try it.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.