Closed
Bug 840739
Opened 12 years ago
Closed 12 years ago
Flash links in private windows are converting normal windows into private windows.
Categories
(Firefox :: Private Browsing, defect)
Tracking
()
VERIFIED
FIXED
Firefox 22
People
(Reporter: mobius_88, Assigned: jdm)
References
Details
(Keywords: dataloss)
Attachments
(1 file)
1.81 KB,
patch
|
ehsan.akhgari
:
review+
lsblakk
:
approval-mozilla-aurora+
lsblakk
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
I'm not sure where else to go to reproduce this except, unfortunately, the adult social site I can discovered it on.
As long as you don't have any qualms with going on an adult dating site and probably seeing some adult images in the process...steps to reproduce.
1) go to adultfriendfinder.com
2) create a new, free, account (assuming you don't have one)
3) in the upper right of the window click on the IM button. This will open a new chromeless window with a Flash based chat client filling most of it.
4) Put whatever window you want the a new tab to open in *directly behind* the chat window. In this case use a non-private window.
5) click the "AdultFriendFinder.com" link in the upper right of the chat window.
Expected Results:
New tab opens in a private window (or opens a new one).
Actual Results:
New tab opens in whatever window is behind the original, including non-private windows.
Of interest is that the new tab does not seem to show up in history. So it is presumably still a private tab - something I didn't know was even possible.
Woah. So I just realized what else was going on here.
I have one window that has several pinned tabs on it with multiple gmail/calendar/gvoice tabs in it. They were all getting logged out and I couldn't tell why.
It turns out that when the new tab is inserted into the non-private window, it turns it into a private window and all the other tabs with it.
The UI doesn't change (aka the purple button) but all the emails get logged out and if you pull any of the tabs off into individual windows you'll find that the new window will be private (purple button).
This is a fun trick and all, but on top of **** someone off, could lead to dataloss, such as on pages with forms, no?
I tested this with one window while being logged into one yahoo mail account in private browsing and one in non-private. After the new tab had opened into the non-private window I reloaded the non-private yahoo tab and sure enough it had swapped and was now displaying the private yahoo account. In the other non-private windows the non-private account loaded fine.
Is this already on someone's radar because it seems pretty serious.
Summary: Flash links in private windows are opening tabs in non-private windows → Flash links in private windows are converting normal windows into private windows.
Comment 2•12 years ago
|
||
What Firefox version and Flash version did you reproduce this issue with? Does it reproduce with Flash 11.6 and Firefox 20 or later?
Flags: needinfo?(mobius_88)
I produced this on 20 and just reproduced it again on 20.0a2.
My Flash is up to date 11.6.602.168 (updated with the newest fixes today).
Still reproduceable.
Flags: needinfo?(mobius_88)
I did a search and was able to find a non-adult site to test this on.
To reproduce:
Go to http://www.openpalace.org/
Click on the "Try it now!"
A directory listing will be displayed, sort the list by category.
Near the top of the "All ages" grouping in the list, open "Amigos del Mundo".
In the upper right of the resulting room there is text that says "Playlist Sombra" click that.
The resulting tab will open in whatever window is directly behind the current window.
Comment 5•12 years ago
|
||
Josh, any chance you could take a look at this, please?
Flags: needinfo?(josh)
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → josh
Assignee | ||
Comment 6•12 years ago
|
||
Got it. For once the backend is doing the right thing, and it's the frontend that is choosing the host window willy-nilly: http://hg.mozilla.org/mozilla-central/annotate/f2ec16a9feea/browser/base/content/browser.js#l4860
Flags: needinfo?(josh)
Assignee | ||
Comment 7•12 years ago
|
||
Attachment #717304 -
Flags: review?(gavin.sharp)
Assignee | ||
Comment 8•12 years ago
|
||
Thanks for the steps to reproduce the problem, mobius_88. This was a really excellent bug report :)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•12 years ago
|
Attachment #717304 -
Flags: review?(gavin.sharp) → review+
(In reply to Josh Matthews [:jdm] from comment #8)
> Thanks for the steps to reproduce the problem, mobius_88. This was a really
> excellent bug report :)
Thanks.
Now if only my true self could get the credit. :)
(I set up this secondary account because I was embarrassed of the adult association.)
Assignee | ||
Updated•12 years ago
|
tracking-firefox20:
--- → ?
tracking-firefox21:
--- → ?
Assignee | ||
Comment 10•12 years ago
|
||
Assignee | ||
Comment 11•12 years ago
|
||
Comment on attachment 717304 [details] [diff] [review]
Make opening a new URI respect the privacy status of the opener.
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 798508
User impact if declined: Links from plugins in private windows can open up in public ones, leading to information leakage.
Testing completed (on m-c, etc.): m-c
Risk to taking this patch (and alternatives if risky): None. This merely refines existing behaviour.
String or UUID changes made by this patch: None.
Attachment #717304 -
Flags: approval-mozilla-beta?
Attachment #717304 -
Flags: approval-mozilla-aurora?
Comment 12•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 22
Updated•12 years ago
|
status-firefox19:
--- → wontfix
status-firefox20:
--- → affected
status-firefox21:
--- → affected
status-firefox22:
--- → fixed
Comment 13•12 years ago
|
||
Comment on attachment 717304 [details] [diff] [review]
Make opening a new URI respect the privacy status of the opener.
Great that this was found and fixed so quickly. Thanks all - go ahead with uplift.
Attachment #717304 -
Flags: approval-mozilla-beta?
Attachment #717304 -
Flags: approval-mozilla-beta+
Attachment #717304 -
Flags: approval-mozilla-aurora?
Attachment #717304 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 14•12 years ago
|
||
Comment 15•12 years ago
|
||
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Verified as fixed in Firefox 20 beta 2 (buildID: 20130227063501) based on STR from comment 4.
If the website is loaded under Private Window then after clicking "Playlist Sombra" it will open a new tab only in Private Window. If opened the website in normal window, the new tab will open only in normal window.
Comment 17•12 years ago
|
||
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
Verified as fixed in Firefox 21 beta 3 (buildID: 20130416200523).
Comment 18•11 years ago
|
||
Can you please provide another website since http://www.openpalace.org/ is not working any more and regarding the website from comment 0;it does not want to accept any email provider I throw at it in order to make an account.
Or can you verify this as fixed using Firefox 22 beta 2?
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/22.0b2-candidates/build1/win32/en-US/
Flags: needinfo?(mobius_88)
Reporter | ||
Comment 19•11 years ago
|
||
I can confirm that this problem (as laid out in comment 0) is not present in Firefox 22 beta 2.
Status: RESOLVED → VERIFIED
Flags: needinfo?(mobius_88)
You need to log in
before you can comment on or make changes to this bug.
Description
•