451385 – Rogue websites can resize Firefox window

Bug 451385 - Rogue websites can resize Firefox window

Summary: Rogue websites can resize Firefox window

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-06-13 22:31 UTC by Jeff Garzik
Modified:	2018-04-11 07:10 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-12-12 11:03:18 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Mozilla Foundation	439177	0	None	None	None	Never

Description Jeff Garzik 2008-06-13 22:31:47 UTC

Description of problem:
Web sites can resize the firefox X11 window at will, even if multiple tabs are open.

This resizing can often be intentionally annoying (resize to tiny window), or
cause the firefox window to maximize itself on the desktop, hiding other
windows.  For example,
http://www.vfdaily.com/culture/2008/blogopticon/index.html currently
demonstrates this window-maximizing behavior.

By default, web sites should NOT be able to control the main window,
particularly if multiple tabs are open.  Doing so presumes that a single website
"owns" the browser window, which is not true.

Version-Release number of selected component (if applicable):
firefox-3.0-0.60.beta5.fc9.x86_64


How reproducible:
always, with the right web sites

Steps to Reproduce:
1. Open multiple tabs.
2. Make sure firefox X11 window does /not/ cover entire desktop.
3. Visit website such as the one above, and watch X11 window change size without
user approval.
  
Actual results:
Window resized.

Expected results:
Window not resized, because it makes other tabs look horrible.

Additional info:

Comment 1 Jeff Garzik 2008-06-13 22:46:32 UTC

Note that this problem occurs on firefox 2.x as well.

Comment 2 Matěj Cepl 2008-06-13 23:30:31 UTC

If this issue turns out to still be reproduceable in the latest updates for this
Fedora Core release, please file a bug report in the the upstream bugzilla
located at http://bugzilla.mozilla.org in the particular component.

Once you've filed your bug report to the upstream bugzilla, if you paste the new
bug URL here, Red Hat will continue to track the issue in the centralized
upstream bug tracker, and will review any bug fixes that become available for
consideration in future updates.

Setting status to NEEDINFO, and awaiting upstream bug report URL for tracking.

Thanks in advance.

Comment 3 Jeff Garzik 2008-06-14 00:45:42 UTC

This bug report indicates component firefox-3.0-0.60.beta5.fc9.x86_64 which is
the latest available from Fedora 9 updates (but I assume you know this???)

Comment 4 Jeff Garzik 2008-06-14 01:13:57 UTC

Upstream bugzilla entry: https://bugzilla.mozilla.org/show_bug.cgi?id=439177

Comment 5 Matěj Cepl 2008-06-14 06:41:16 UTC

We have to really prioritize heavily about what we can do and what we have not
enough resources for, and the latter should be send upstream as soon as
possible. Unfortunately this is clearly in the latter camp.

Closing as UPSTREAM against the bug you mentioned.

Comment 6 Jeff Garzik 2008-06-14 10:47:28 UTC

Is this not a security issue?

Web site A can control the window of Web site B.

Comment 7 Matěj Cepl 2008-06-14 11:35:26 UTC

I really don't think so -- if it bothers you can avoid by changing the
configuration of your Firefox. We can argue about defaults, but I don't think it
is worthy.

Letting to decide Christopher as the highest authority on Firefox matters.

Comment 8 Martin Stransky 2008-12-12 11:03:18 UTC

It's not a security issue but a javascript bug...you can discuss it at https://bugzilla.mozilla.org/show_bug.cgi?id=144069

Note You need to log in before you can comment on or make changes to this bug.