Mozilla Developing Secure Full-Screen Firefox Feature

However, O'Callahan said that Mozilla is concerned about security issues, for example about the fact that a user will not see the URL of a service in full-screen mode.

The engineer suggested that Mozilla could go different routes to make full-screen scenarios more secure, for example by enabling full-screen modes only through a manual user request and providing a pop-up window.

"We can make sure that when going full-screen, we display a clear message describing how to leave full-screen - like Flash does, but hopefully better, O'Callahan wrote. "Then if a malicious page goes full-screen when the user didn't want to, the user will probably exit full-screen immediately."

More problematic are spoofing attacks that occur when a full-screen window is already opened. However, O'Callahan says that "most spoofing attacks require user input that the browser can detect" in which cases the URL bar could be shown. But even there appear to be issues, as especially games are designed to be in full-screen mode all the time "while receiving the full range of user input."

Mozilla does not have a solution for this problem and is asking security researchers for feedback.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
16 comments
    Your comment
    Top Comments
  • Anonymous
    And now we move the URL box 1 pixel to the left ... OMG FIREFOX 7
    13
  • stm1185
    HansVonOhainAnd this feature will be on firefox 9.


    So by Nov then, sweet!
    11
  • Other Comments
  • HansVonOhain
    And this feature will be on firefox 9.
    3
  • stm1185
    HansVonOhainAnd this feature will be on firefox 9.


    So by Nov then, sweet!
    11
  • amigafan
    I see Tom's just like Mozilla started with scheme of lots of minor and actually unimportant stuff released extremely often.
    0