Closed
Bug 274835
Opened 20 years ago
Closed 20 years ago
No matter what anyone says, it is never okay to hide the URL bar.
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 273699
People
(Reporter: bugzilla, Assigned: bugzilla)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
Some sites "helpfully" open pop-up windows (such as the comments feature on
Salon's blogs, or "help" pages on other sites) which have all the standard
decorations, such as the menu, or the URL bar, removed.
THIS IS AN ABSOLUTE SECURITY NIGHTMARE AND SHOULD NEVER EVER EVER EVER EVER BE
ALLOWED! At the very least, a preference should be able to override this,
denying any site the option of EVER hiding those widgets.
(Think what happens when a dishonest operator, having sussed the window name a
brokerage uses for such a window, uses JavaScript to refresh that window from a
new location!)
Reproducible: Always
Steps to Reproduce:
1. Click on a help link, or a comments link, on any of dozens of sites.
Actual Results:
A new window appears without the URL bar and other widgets.
Expected Results:
Opened a new window with exactly the same widgets that every other window always
has.
there's nothing confidential about this.
Group: security
Whiteboard: DUPEME
Comment 2•20 years ago
|
||
DUPME in which direction, though? To the bug where Firefox had an always-on
addressbar for a little while? To whatever bug enabled the existing prefs
including dom.disable_window_open_feature.location that allows individuals to
decide they always want the addressbar? Eh, I'd say, given the timing, that the
parenthetical about targeting a named popup opened by another window is the key,
and this is actually reporting Secunia's Window Injection Vulnerability by
talking about a bandaid instead of the vuln or the fix.
*** This bug has been marked as a duplicate of 273699 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME
You need to log in
before you can comment on or make changes to this bug.
Description
•