Open Bug 682557 Opened 14 years ago Updated 2 years ago

When the user clicks on the disabled "Save" or "OK" button, the click must not push the button.

Categories

(Core :: Widget, defect)

Product:
Core
Component:
Widget
Platform:
x86_64
macOS
Type:
defect

Tracking

()

People

(Reporter: nicolas.barbulesco, Unassigned)

References

Details

Hello, Firefox 5.0. Mac OS X 10.6.8. I have a dialog in the background. The Save button is disabled, for the sake of security I guess. Good idea. I click in the dialog. The Save button gets enabled only after a delay. I put the dialog in the background. The Save button is disabled. I click on the Save button of the dialog. It gets enabled only after a delay. I put the dialog in the background. Now, I click the Save button and I keep my mouse pressed. After a while, I drop my mouse. Too bad ! The button has been pushed. See and hear screen film : http://screencast.com/t/Bh3cmrA7 This is incorrect. When the user clicks on the disabled Save button, the click must not push the button. Thanks for correcting that, Nicolas
See also : request bug 682544, request bug 682549, request bug 682550.
Not a security bug per se since user's can't be fooled into holding their mouse down on the save button without knowing what it is. Does sound like a legitimate widget bug that we're only testing on mouse up or something (guessing) where we really shouldn't count the down-up as part of the same action if the disabled state changes in the middle.
Group: core-security
Status: UNCONFIRMED → NEW
Component: Security → Widget
Ever confirmed: true
Product: Firefox → Core
QA Contact: firefox → general
Nicolas, Does this reproduce with a current version?
Severity: critical → normal
Flags: needinfo?(nicolas.barbulesco)
In Firefox 29, and in Firefox Nightly 32.0a1 in safe mode, I reproduce the bug, except that now the button is named OK. But the bug is the same : clicking the disabled button triggers the action.
Flags: needinfo?(nicolas.barbulesco)
(In reply to Nicolas Barbulesco from comment #5) > In Firefox 29, and in Firefox Nightly 32.0a1 in safe mode, I reproduce the > bug, except that now the button is named OK. But the bug is the same : > clicking the disabled button triggers the action. In fact, I also encounter the bug with button named Save. Depending on the server, in some cases we get a dialog with OK and in some other cases we get the dialog with Save. In all of these cases, I reproduce the bug.
Summary: When the user clicks on the disabled Save button, the click must not push the button. → When the user clicks on the disabled "Save" or "OK" button, the click must not push the button.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.