Closed
Bug 465533
Opened 16 years ago
Closed 16 years ago
Alert dialog masquerades as OS dialog, allows phishing
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 402401
People
(Reporter: johnjbarton, Unassigned)
Details
Attachments
(1 file)
24.44 KB,
image/jpeg
|
Details |
Please see the attached image, a copy of a Firefox alert dialog. A link on a legitimate site (Firebug google groups) http://groups.google.com/group/firebug/browse_thread/thread/e12455fd30a06944 *sometimes* results in an apparent Firefox crash: 1) The browser vansishes, 2) the attached dialog box appears, 3) the site wants to install software on your machine "Recommended" apparently by Firefox or OS. In fact the site has reduced the size of Firefox and covered it with the alert dialog. This attack could be reduced by forcing the style of the common dialog alert box to be consistent with Firefox: 1) The window icon should be the Firefox window icon, 2) the navigation tool bar should be forced present (read only is ok), I think it should also be required that the alert be positioned within the page boundary, eg a small window would not allow an alert. (That would make the change above unnecessary.)
Comment 1•16 years ago
|
||
The problem is already described in bug 402401; please copy your suggested solutions there if you think my suggested solution of fixing bug 454779 isn't enough.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•