Bug#611354: iceweasel: a page should not be allowed to steal the focus from other elements
Mike Hommey
mh at glandium.org
Fri Jan 28 12:50:30 UTC 2011
On Fri, Jan 28, 2011 at 01:41:50PM +0100, Vincent Lefevre wrote:
> Package: iceweasel
> Version: 3.5.16-4
> Severity: important
> Tags: security
>
> Copy of my bug report from
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=629412
>
> but note that Firefox 4 nightly doesn't have this problem (and as said
> in the comments, focus handling was rewritten for Firefox 3.6). Also
> note that this problem is reproducible with "iceweasel -safe-mode".
>
> When opening an identi.ca page, the page steals the focus from other
> elements once it has been entirely loaded.
>
> Reproducible: Always
>
> Steps to Reproduce:
> 1. Open http://identi.ca/ (note: an account may be needed to get
> the "What's up" text input.
> 2. Click in the location bar or the search bar, and start typing
> something.
>
> Actual Results:
> Once the page is loaded, what the user types goes to the "What's up" text
> input, and if the user types [Enter], the text is posted to identi.ca.
>
> Expected Results:
> The focus should not be stolen from the address or search bar.
>
> Since the text may become public (e.g. with identi.ca), this can be a
> security/privacy problem. Thus setting the severity to important.
As we are approaching squeeze release and as such iceweasel 3.5 support
enters stable security mode, how does the security team feel about this
bug? Do we need to address it in stable?
Vincent, does this bug appear with the iceweasel 3.6 version in
experimental?
Mike
More information about the pkg-mozilla-maintainers
mailing list