Bug#611354: iceweasel: a page should not be allowed to steal the focus from other elements
Vincent Lefevre
vincent at vinc17.net
Fri Jan 28 12:41:50 UTC 2011
Package: iceweasel
Version: 3.5.16-4
Severity: important
Tags: security
Copy of my bug report from
https://bugzilla.mozilla.org/show_bug.cgi?id=629412
but note that Firefox 4 nightly doesn't have this problem (and as said
in the comments, focus handling was rewritten for Firefox 3.6). Also
note that this problem is reproducible with "iceweasel -safe-mode".
When opening an identi.ca page, the page steals the focus from other
elements once it has been entirely loaded.
Reproducible: Always
Steps to Reproduce:
1. Open http://identi.ca/ (note: an account may be needed to get
the "What's up" text input).
2. Click in the location bar or the search bar, and start typing
something.
Actual Results:
Once the page is loaded, what the user types goes to the "What's up" text
input, and if the user types [Enter], the text is posted to identi.ca.
Expected Results:
The focus should not be stolen from the address or search bar.
Since the text may become public (e.g. with identi.ca), this can be a
security/privacy problem. Thus setting the severity to important.
-- Package-specific info:
-- Extensions information
Name: DOM Inspector
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/inspector@mozilla.org
Package: xul-ext-dom-inspector
Status: enabled
Name: Default
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: Dictionnaire français «Classique»
Location: ${PROFILE_EXTENSIONS}/fr-FR@dictionaries.addons.mozilla.org
Status: enabled
Name: Firefox Showcase
Location: ${PROFILE_EXTENSIONS}/{89506680-e3f4-484c-a2c0-ed711d481eda}
Status: enabled
Name: Flagfox
Location: ${PROFILE_EXTENSIONS}/{1018e4d6-728f-4b20-ad56-37578a4de76b}
Status: enabled
Name: Flashblock
Location: ${PROFILE_EXTENSIONS}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Status: enabled
Name: Forecastfox Weather
Location: ${PROFILE_EXTENSIONS}/{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
Status: enabled
Name: Greasemonkey
Location: ${PROFILE_EXTENSIONS}/{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
Status: enabled
Name: HeadingsMap
Location: ${PROFILE_EXTENSIONS}/headings@niquelheadings.net
Status: enabled
Name: Link Widgets
Location: ${PROFILE_EXTENSIONS}/linkwidget@clav.mozdev.org
Status: enabled
Name: Live HTTP headers
Location: ${PROFILE_EXTENSIONS}/{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
Status: enabled
Name: Open in Browser
Location: ${PROFILE_EXTENSIONS}/openinbrowser@www.spasche.net
Status: enabled
Name: Pinger
Location: ${PROFILE_EXTENSIONS}/janetka@pinger
Status: enabled
Name: Readability
Location: ${PROFILE_EXTENSIONS}/{6005d9b1-d115-485a-a92a-3f6453ca3fe2}
Status: enabled
Name: SearchStatus
Location: ${PROFILE_EXTENSIONS}/{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
Status: enabled
Name: Stylish
Location: ${PROFILE_EXTENSIONS}/{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
Status: enabled
Name: Tab Mix Plus
Location: ${PROFILE_EXTENSIONS}/{dc572301-7619-498c-a57d-39143191b318}
Status: enabled
Name: Web Developer
Location: ${PROFILE_EXTENSIONS}/{c45c406e-ab73-11d8-be73-000a95be3b12}
Status: enabled
Name: X-Ray
Location: ${PROFILE_EXTENSIONS}/{3f1182ea-3243-4d32-8826-71fb1cc9c328}
Status: enabled
-- Plugins information
Name: DjVuLibre-3.5.23
Location: /usr/lib/netscape/plugins-libc6/nsdejavu.so
Package: djvulibre-plugin
Status: enabled
Name: Shockwave Flash
Location: /usr/lib/gnash/libgnashplugin.so
Package: browser-plugin-gnash
Status: enabled
-- Addons package information
ii browser-plugin 0.8.8-9 GNU Shockwave Flash (SWF) player - Plugin fo
ii djvulibre-plug 3.5.23-3 Browser plugin for the DjVu image format
ii iceweasel 3.5.16-4 Web browser based on Firefox
ii xul-ext-dom-in 1:2.0.8-2 tool for inspecting the DOM of pages in Icew
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 3.4.3 Miscellaneous utilities specific t
ii fontconfig 2.8.0-2.1 generic font configuration library
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libstdc++6 4.4.5-10 The GNU Standard C++ Library v3
ii procps 1:3.2.8-10 /proc file system utilities
ii xulrunner-1.9.1 1.9.1.16-4 XUL + XPCOM application runner
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii mathematica-fonts [ttf-math 12 Installer of Mathematica fonts
pn mozplugger <none> (no description available)
ii ttf-lyx 1.6.7-1 TrueType versions of some TeX font
ii xfonts-mathml 4 Type1 Symbol font for MathML
pn xprint <none> (no description available)
Versions of packages xulrunner-1.9.1 depends on:
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.24-4 simple interprocess messaging syst
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.5-10 GCC support library
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libhunspell-1.2-0 1.2.11-1 spell checker and morphological an
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libmozjs2d 1.9.1.16-4 The Mozilla SpiderMonkey JavaScrip
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.8-2 Network Security Service libraries
ii libpango1.0-0 1.28.3-1+squeeze1 Layout and rendering of internatio
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libreadline6 6.1-3 GNU readline and history libraries
ii libsqlite3-0 3.7.4-2 SQLite 3 shared library
ii libstartup-notificatio 0.10-1 library for program launch feedbac
ii libstdc++6 4.4.5-10 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
-- no debconf information