If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Limit amount of times a site can move/resize the window.

RESOLVED DUPLICATE of bug 502561

Status

()

Core
DOM: Core & HTML
RESOLVED DUPLICATE of bug 502561
9 years ago
8 years ago

People

(Reporter: Natch, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
I think if done smartly this can really mitigate a lot of these crappy attacks, such as:

http://sourmath.com (EXPLICIT CONTENT)

Sorry, took the url from another bug, not sure of another one. If a page attempts to move/resize the window 3 times within 3 seconds the page should be blacklisted. I think this can be combined with bug 61098, so that any one of the conditions will blacklist the site and lower its permissions so that it can't alert/prompt/confirm/showModalDialog or moveTo/moveBy/resizeTo/resizeBy/sizeToContent etc.

Lastly, I know there's a pref for this, and it is in the ui, however:

1) The pref is enabled by default.
2) The ui isn't all that discoverable to the common user.
3) I can't think of a legit reason for a site to resize or move a window 3 times within 3 seconds!
Flags: wanted1.9.2?
(Reporter)

Comment 1

8 years ago
Duping to bug 502561 as there's a better description and STR there.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Flags: wanted1.9.2?
Resolution: --- → DUPLICATE
Duplicate of bug: 502561

Comment 2

8 years ago
Interesting idea to make the heuristic be based on the number of resizes.  But I think that would have many of the same problems as the ideas in bug 29346 had for popups.
You need to log in before you can comment on or make changes to this bug.