Bug 394743: xul popups cause dos
Status: RESOLVED INVALID
Opened 17 years ago
Closed 13 years ago
Categories: (Core :: XUL, defect)
People: (Reporter: guninski, Unassigned)
Details: (Whiteboard: [sg:dos])
Attachments: (2 files)
xul popups make firefox always on focus and unkillable from X on linux.
it is impossible to leave the page or access the menus.
on macosx switching to other applications is possible though nothing in firefox is usable and it is difficult but possible to kill firefox.
for 2.0:
<popup id="pan1" onpopuphidden="this.showPopup(null,0,0,0,0);alert(2)">
for trunk the alert is not necessary:
<panel id="pan1" onpopuphidden="this.openPopupAtScreen(0,0);">
macosx trunk seems safe.
Reporter
Comment 1•17 years ago
Comment 2•17 years ago
Dupe of bug 326877? (See also bug 374569).
Assignee: nobody → jag
Component: Security → XP Toolkit/Widgets
Product: Firefox → Core
QA Contact: firefox → xptoolkit.widgets
This does look similar to my fake-bsod testcase there. I thought that was fixed on trunk though?
Reporter
Comment 4•17 years ago
(In reply to comment #2)
> Dupe of bug 326877?
don't think so.
the problem in this bug is that the graphical interface is unusable on linux - the only solution i found is CTL-ALT-F1, login in console, killall firefox-bin
on macosx and firefox 2.0 the graphical interface is usable, but the firefox interface is unusable and closing firefox is hard.
> (See also bug 374569).
can't see it - access denied
I misread the testcase. Now that I actually tried it and then read the code again, this is not a duplicate of any bugs I've seen.
Comment 6•17 years ago
Yes, this and bug 392580 are caused by the linux-only 'keyboard grab' which retargets all keyboard events while a popup is open to the application.
Reporter
Comment 7•17 years ago
branch on macosx is somewhat affected - closing firefox is hard.
Reporter
Comment 8•17 years ago
(In reply to comment #6)
> Yes, this and bug 392580 are caused by the linux-only 'keyboard grab' which
> retargets all keyboard events while a popup is open to the application.
>
i doubt it is only *keyboard* events - mouse is useless in this testcase
events are definitely involved.
Updated•17 years ago
Whiteboard: [sg:dos]
Updated•16 years ago
Assignee: jag → nobody
Seems like a more open discussion would be better than what we're gaining by having this remain hidden.
Neil - would you be willing to open this up?
I haven't looked at the test case closely, perhaps it isn't even relevant any more since we disabled XUL in content?
Comment 10•13 years ago
The keyboard grab was removed by bug 545429, so it shouldn't be as much of an issue. Testing shows that it is possible to close the panel with alt+tab, although for some reason, it needs to be pressed a few times. karlt would be a better person to ask.
Comment 11•13 years ago
Karl - thoughts on comments 9/10?
Comment 12•13 years ago
I expect the DOS vulnerability is resolved since XUL content is limited to chrome, unless there is some other way for web content to open popups?
(I don't see any need to support this kind of use of XUL in chrome.)
Comment 13•13 years ago
Opening this up. There might be minor risk on the 3.6 branch but that seems quite low and it will be unsupported very soon anyway.
Resolving invalid because we don't allow XUL in content any more and even if we did the issue seems mitigated.
Group: core-security
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
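Added example, not part of the original bug or of Mozilla's code: a static check for the pattern in the two testcases from the description, an onpopuphidden handler that immediately opens a popup again, which a reviewer could run over chrome or add-on XUL. The function name find_reopening_popups and the sample markup are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# showPopup and openPopupAtScreen are the calls used in this bug's testcases;
# openPopup is the other XUL method that opens a popup.
OPENER = re.compile(r"\b(?:(\w+)\s*\.\s*)?(showPopup|openPopupAtScreen|openPopup)\s*\(")
# <popup> and <panel> appear in the testcases; <menupopup> and <tooltip> are
# the other XUL popup elements that fire popuphidden.
POPUP_TAGS = {"popup", "panel", "menupopup", "tooltip"}


def find_reopening_popups(xul_source):
    """Return (id, method, via_this) for each popup-opening call found in an
    onpopuphidden handler. via_this is True when the call is this.<method>(),
    i.e. the popup reopens itself as soon as it is hidden.
    Raises xml.etree.ElementTree.ParseError on malformed XUL."""
    findings = []
    for el in ET.fromstring(xul_source).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        if tag not in POPUP_TAGS:
            continue
        handler = el.get("onpopuphidden", "")
        for m in OPENER.finditer(handler):
            findings.append((el.get("id", "?"), m.group(2), m.group(1) == "this"))
    return findings


# Constructed sample: the two handlers quoted in the report (the second id is
# renamed to pan2) plus benign markup that must not be flagged.
SAMPLE = """<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <popup id="pan1" onpopuphidden="this.showPopup(null,0,0,0,0);alert(2)"/>
  <panel id="pan2" onpopuphidden="this.openPopupAtScreen(0,0);"/>
  <panel id="ok" onpopuphidden="this.removeAttribute('active');"/>
  <button label="open" oncommand="document.getElementById('ok').openPopup(this);"/>
</window>"""

if __name__ == "__main__":
    for popup_id, method, via_this in find_reopening_popups(SAMPLE):
        kind = "reopens itself" if via_this else "opens a popup"
        print(f"{popup_id}: onpopuphidden calls {method}() and {kind}")
```

The check only reads inline onpopuphidden attributes, so handlers attached from script with addEventListener need a separate review.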