Closed Bug 55460 Opened 24 years ago Closed 24 years ago

alert() modal dialogues hidden somewhere behind window. Makes Browser inaccessible

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 56337
Milestone:
mozilla0.9

People

(Reporter: jrspm, Assigned: danm.moz)

References

(
URL
)

Details

(Keywords: crash, top100)

Attachments

(1 file)

simple testcase to show hidden modal alert() dialogues causing the browser to become inaccessible
1004 bytes, text/html
Details 
This just started happening recently.

when clicking on alet boxes, I don't see any alert dialogue pop up, however, I 
then try to interact with the browser window and it is frozen by the hidden 
alert() modal dialogue.  I have to use the NT task manager to kill mozilla.

Test case coming up...

jake
Minor modification to description...

A very few times, I would successfully see the alert box, but if I clicked "ok" 
and then tried it again, the previously described behavior happens.

So, this will happen about 95% of the time the first try and pretty much 100% 
the second try.

Jake

Ok, I'm not sure what the deal is, but I just tested it again and it is working 
consistently.  No idea why.  I tried it about 10 times in a row with the same 
browser version build 2000100504 M18 on win32 and it caused the behavior of 
this bug.  

All of a sudden I tried it one more time and it is working perfectly fine????  
Very odd.

Does anyone else see this problem, at least sporadically???

Jake
Ok, new build 2000100520 M18 win32

Clicking on the alert() links in the test case do absolutely nothing now.

The javascript console shows:

Error: invalid format character %ip
Error: uncaught exception: [Exception... 'Failure code: "-2147467259" 
nsresult "0x80004005(NS_ERROR_FAILURE)" location: "<unknown>"]

This seems to happen every few builds.  Man, this is sporadic!!!

Jake
Ok, now I feel like I'm talking to myself here.

I added a link to my page in the URL box above.

There are two links on that page that are of particular interest:

1.  browser - lists navigator object properties of browser (alert())

2. List all links on this page - grabs all links on the page and dynamically
writes them to a new window (window.open())

Both of these take longer and longer to come up the more times they are pressed.

For instance, the first time I load up Mozilla and click the "browser" link, the
alert box come up pretty much right away.  However, successive times actually
freeze the browser because the alert() creates a modal javascript dialogue, but
it stays hidden somewhere for about 30 seconds or so.  Finall, I see it pop up
after waiting a while.

The same happens with the other link.  However, it seems that sometimes, for the
window.open() links, I have to mouse over the toolbar buttons in order to get
the new window to display.  Keep in mind in this popup window, I do  a
window.open, set that object to a variable and open that document reference for
writing, write the generated content to the window, then close the document...so
there is a little more than just a window.open going on here.  However, this
used to pop up immediately.

There really seems to be some sort of lag right now.

It is imperative that this is found before RTM!!!!


Jake
URL: http://www.visi.com/~hoju/
I found some consistency.

Please check out the javascript errors I saw in the javascript console on 10-6.

Here is how to reproduce them.

1. If Mozilla is running now, shut down all windows.  Start up a new fresh 
window.

2. Go to http://www.visi.com/~hoju/

3. click the small arrow image in the upper left hand corner next 
to "Navigation Bar".  That will minimize the navigation bar showing you a link 
that you couldn't see before underneath.

3. Click the "browser" link

4. Open the javascript console from the tasks/tools menu

5. Note the error that I described on 10-6.  You will see them there.

6. Open up a new window (ctrl/n).

7. Repeat steps 1 - 5.  The javascript errors will not occur.   You will be 
left in one of two states.  Either you will see a javascript alert() box, or 
you will get the behavior that originally caused me to file this bug, that is 
you won't see the alert dialogue, but the window will be frozen becuase it is 
either waiting for something or it is in the background.

This is a very serious bug.  javascript alerts are used frequently.  If this 
doesn't work....  Seriously, you HAVE to fix this for RTM.  Please!


jake
Confirming. I see this on NT 4 with my trunk debug build.

I can reproduce by typing -- javascript:alert('foo') -- into the url bar. We go 
into the modal dialog loop but the dialog does not show up. Clicking on the main 
window just makes a nice ding sound and events are stopped. Only recourse 
seems to be to kill the app in taskman.

I marked this dogfood because this happens when I click on the "add to sidebar" 
link on the tinderbox page. This is a critical test case for me. The fact that 
it does not work keeps me from being able to test JS components and their 
security implications.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: dogfood
Blocks: 55506
Danm, could you look into this one?
Assignee: jst → danm
*** Bug 56355 has been marked as a duplicate of this bug. ***
this also happens with links including javascript:prompt('foo!'); and 
javascript:confirm('foo?');

Seems like any modal dialog kills us. Tested with NT4 2000-10-16-09-MTrunk 
build.
Note that this is TRUNK only regresion, and does not impact the Netscape branch.
I just tried the test case with build 2000-10-17-09  (MN6 branch).

Jband: One natural dogood work-around is to use the branch to test the security
issues you are looking into.  I'm aware of one patch (re: Java to JS calls) that
landed on the trunk, and we are trying to eval it for a possible inclusion on
the branch.  Is that what you are working on?  Have you tried to drop the patch
on your branch build to test there.  What are the other issues that you are
investigating that this blocks you on (i.e., are not testable on the branch)?
*** Bug 57471 has been marked as a duplicate of this bug. ***
*** Bug 57585 has been marked as a duplicate of this bug. ***
I recommend that either the priority or severity be set higher to get the bug 
fixed/implemented quicker.
hmm, I am not seeing this on win98 2000102404. However, others are (mac for
example). Nominating for mozilla0.9
Keywords: mozilla0.9
This is a Trunk-only bug, it does not appear on the MN6 branch. It affects all 
platforms. I am seeing it on 2000-10-25-06-Mtrunk for WinNT4. I believe it is 
foolish to target mozilla0.9 on this, as it is a javascript *crasher* and 
therefore a *security hole*. Would someone please add the "crash" keyword to 
this one? Maybe the trunk is ``low-priority'' right now but if this gets into 
the next Milestone then we will get flak, as it snuck into M18 as well.
mozilla0.9 is the earliest this will be done for. This does not fit the
mozilla0.6 keyword.
*** Bug 57457 has been marked as a duplicate of this bug. ***
OS: Windows 2000 → All
Hardware: PC → All
Blocks: 56337
Whiteboard: wish i understood the problem...
Target Milestone: --- → mozilla0.9
"I believe it is foolish to target mozilla0.9 on this, as it is a javascript
*crasher* and therefore a *security hole*."

mpercy@portera.com, I think you're confused about a couple of things.  First of
all, mozilla0.9 _is_ the next mozilla milestone on the road to Mozilla 1.0 (the
trunk).  Mozilla 0.6 is a branch milestone which will mirror the Netscape6
release.  I'm also unclear what steps you took in the leap from javascript
crasher to security hole.
Asa, you are right that I was unclear on the Milestone numbering; I thought 
that 0.9 would defer it until "whenever we feel like getting around to it", 
which is what the P3 Priority level infers. If I reacted to that in an 
offensive manner then it was unintentional and I apologize to Doron.

As for the security issue, it is simple: The ability to *anonymously* execute 
arbitrary code on *trusting systems* comes with it the obligation to implement 
the security for that execution correctly. If a script kiddie has the ability 
to crash a browser by entering some simple javascript code, he will cheerfully 
send people to crash and hang for the simple joy of doing it -- I think we all 
know that (anyone here fall victim to the [img src="C:\CON\CON"] IE crasher? I 
know I did).

So, yes, javascript crashers are security holes, if for no other reason than 
they allow anyone with a web page (or a javascript: URL) to crash Mozilla.
Whiteboard: wish i understood the problem...
*** Bug 58262 has been marked as a duplicate of this bug. ***
*** Bug 60358 has been marked as a duplicate of this bug. ***
Adding crash keyword, and also top100 because this happens with search 
bookmarklets.  I second jband's dogfood nomination, because this bug makes it 
difficult to test other javascript/dom bugs, look for new bugs, and add sidebar 
panels (bug 56337).
Keywords: crash, top100
No longer blocks: 56337
Fixed in bug 56337.  Yay :)

*** This bug has been marked as a duplicate of 56337 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verified Duplicate.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: