Open Bug 485842 Opened 12 years ago Updated 3 years ago

Popup blocker fails to block popups which open in the background while firefox browse window is open.

Categories

(Core :: DOM: Core & HTML, defect, P5)

x86
Linux
defect

Tracking

UNCONFIRMED

People

(Reporter: the8thbit, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032711 Linux Mint/6 (Felicia) Firefox/3.0.8
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032711 Linux Mint/6 (Felicia) Firefox/3.0.8

If one opens a browse window, such as when saving an image or uploading a file, and a popup opens in a tab in the main Firefox window, the popup blocker will fail to block the popup, and the popup will be opened in a new tab.

This is a possible security issue, as malicious code could be used to open the file-browser window, or another similar window in the background, before opening a pop-up window in the foreground which executes some action. 

Example:

Go to this website: http://cgi.4chan.org/f/src/enjoy.swf (make sure you have a popup blocker enabled.) 
Go to http://zip.4chan.org/v/imgboard.html in a new tab
Click the "Browse..." button under the input field.

NOTE: This will require you to force-close Firefox.

Reproducible: Always

Steps to Reproduce:
1. Go to this website: http://cgi.4chan.org/f/src/enjoy.swf (make sure you have a popup blocker enabled.) 
2. Go to http://zip.4chan.org/v/imgboard.html in a new tab
3. Click the "Browse..." button under the input field.

Actual Results:
Several pop-ups opened in new tabs, which should have been blocked. Force Quit was required.

Expected Results:  
Pop-ups should have been blocked.

I'm using adblock+ and tabmix+, which may have had an effect on this bug. I am also using the MonoChrome theme.

Version: unspecified → 3.0 Branch

EDIT: The page I used as an example for the bug has expired.

We don't consider pop-ups a "security" problem. They're definitely an annoyance that we want to stop, but there's nothing malicious a popup can do that an attacker couldn't do in the attacking page in terms of a security exploit.

The link you gave is to a flash object, these might be flash popups, not browser popups. And given the 4chan domain this is probably full of the tricks discussed in the "eviltraps" bug.

If the link you gave is now dead we might have to close this one and just assume for now that it's similar tricks to other bugs we've got on file.

Group: core-security
Component: Security → DOM: Core & HTML
Product: Firefox → Core
QA Contact: firefox → general
Version: 3.0 Branch → unspecified

Here, go here:

http://www.popupcheck.com/freescan/popup/popup_test_standard.asp

Begin the test. Firefox will block all popups.

Begin the test again, this time, immediately go to imageshack.us and click on the 'browse...' button. All popups will get through.

While I wasn't sure if this would be considered a security issue, it can crash Firefox, and it causes window focus to be kept on Firefox, making it very hard to close the process.

Severity: critical → major

I am using a 3.5 branch nightly on Windows and I tried the imageshack.us/popupcheck.com test. It failed the final test: User-launched Delayed-method popup allowing = Failed. So these instructions seem to point to some weaknesses in the popup blocker.

Under Ubuntu 9.04 and Firefox 3.0.10, the imageshack.us/popupcheck.com test will cause a failed test for test 9 - User-launched Delayed-method popup allowing. This is the same result as in Windows. The popup stays open. Unfortunately it is not consistent. Under Ubuntu Linux some of the other tests will occasionally report as failed, but there are no popups that do not close except for the final test. So for some reason these tests are reporting a fail when it should be a pass. I think.

https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven't been updated in more than 3 years and have no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5