Closed Bug 725611 Opened 10 years ago Closed 10 years ago
[CAL-2012-0019] Firefox website spoof vulnerability by hook event
This is basically identical to bug 724599 but with slightly less explicit user interaction... I think we're going to have to revert the urlbar for script-initiated stop()s.
Status: UNCONFIRMED → NEW
Component: Untriaged → Location Bar
Depends on: CVE-2012-1950
Ever confirmed: true
QA Contact: untriaged → location.bar
The problem with that is that a page can put a stop() on a timeout to keep the user from editing the url bar text... Can we revert only if we'd started a load from the url bar?
Can we subject stop() to popup abuse controls? As far as I can see, pages only need to use it in response to user interaction.
I kinda like that idea, actually. It wouldn't be hard to do, for sure....
(In reply to email@example.com from comment #3)
> Can we subject stop() to popup abuse controls? As far as I can see, pages
> only need to use it in response to user interaction.

filed bug 740295
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: [sg:moderate] → [sg:moderate] fixed by bug 724599
Target Milestone: --- → Firefox 14
I'm not seeing any difference in behavior with the PoC in comment 0 before and after bug 724599 was fixed.
That said, I don't see the behavior from the attached gif anywhere.
We're already tracking bug 724599 for ESR.
Moving tracking to 13 to make sure these fixes get verified when they land.
(In reply to Al Billings [:abillings] from comment #6)
> I'm not seeing any difference in behavior with the PoC in comment 0 before
> and after bug 724599 was fixed.

I still don't see any difference with Firefox 12 and the post-checkin build with the fix and the attached POC.
This is still being tracked for Firefox 13? Are we taking this on the beta branch (13) or not?
Assigning this bug to Dao so that we can ensure there's someone on the hook to fix this for ESR.
The fix is bug 724599.
Whiteboard: [sg:moderate] fixed by bug 724599 → [sg:moderate][advisory-tracking+] fixed by bug 724599
Since this is fixed by bug 724599 and that was checked into ESR, is there any reason to not mark this as fixed in status-firefox-esr10 field?
Marking this as verified for 14 and trunk since bug 724599 was verified by me there.
Transitively marking this verified for ESR based on my verification in bug 724599.