Closed Bug 961210 Opened 11 years ago Closed 3 years ago

firefox can be used to hijack focused application with Dom object

Categories

(Firefox :: Security, defect)

29 Branch
x86
macOS
defect
Not set
normal

Tracking


RESOLVED WORKSFORME

People

(Reporter: guigs, Unassigned)

Details

Hi,
This was brought to attention by a forum question
[https://support.mozilla.org/en-US/questions/983399?]
It was tested in beta and version 26: while switching to another application, each time the timed event does an action, the jQuery script forces Firefox to be the focused application in the operating system. This is a security breach.


[http://jsfiddle.net/dgerton/2DcwT/2/]
Steps to reproduce:
1. Visit [http://jsfiddle.net/dgerton/2DcwT/2/] in 26, 27, 28
2. Switch to another program with text editing and type
3. Wait for Firefox to interrupt


Expected:
Firefox ding to happen in the background

What happens:
Firefox switches to the focused application
Version: 26 Branch → 29 Branch
The focus also happens in the latest nightly build
I can't reproduce on Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140202030204 CSet: 3e40f7389d1b but I believe it is because Quicktime is not installed and click-to-play is enabled.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME