Closed
Bug 961210
Opened 11 years ago
Closed 3 years ago
firefox can be used to hijack focused application with Dom object
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: guigs, Unassigned)
Details
Hi, This was brought to attention by a forum question [https://support.mozilla.org/en-US/questions/983399?] And it was tested in beta and version 26 while switching to another application, each time the timed event does an action, the jquery script forces firefox to be the focused application in the operating system. This is a security breach. [http://jsfiddle.net/dgerton/2DcwT/2/] Steps to reproduce: 1. Visit [http://jsfiddle.net/dgerton/2DcwT/2/] in 26, 27, 28 2. Switch to another program with text editing and type 3. Wait for firefox to interupt expected Firefox ding to happen in the background what happens Firefox switches to the focused application
Reporter | ||
Updated•10 years ago
|
Version: 26 Branch → 29 Branch
Reporter | ||
Comment 1•10 years ago
|
||
The focus also happens in the latest nightly build
Comment 2•10 years ago
|
||
I can't reproduce on Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140202030204 CSet: 3e40f7389d1b but I believe it is because Quicktime is not installed and click-to-play is enabled.
Comment 3•3 years ago
|
||
per comment 2
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•