6691503: Malicious applet can show always-on-top popup menu which has whole screen size

Summary: The fix for 6675802 is replaced by a try-catch clause that catches SequrityExceptions for applets.
Reviewed-by: alexp

1 files changed, 9 insertions, 8 deletions

diff --git a/src/share/classes/javax/swing/Popup.java b/src/share/classes/javax/swing/Popup.java
index b246b67f4..a6373f87b 100644
--- a/src/share/classes/javax/swing/Popup.java
+++ b/src/share/classes/javax/swing/Popup.java
@@ -229,14 +229,15 @@ public class Popup {
             // Popups are typically transient and most likely won't benefit
             // from true double buffering.  Turn it off here.
             getRootPane().setUseTrueDoubleBuffering(false);
-            java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedAction<Object>() {
-                        public Object run() {
-                            setAlwaysOnTop(true);
-                            return null;
-                        }
-                    }
-            );
+            // Try to set "always-on-top" for the popup window.
+            // Applets usually don't have sufficient permissions to do it.
+            // In this case simply ignore the exception.
+            try {
+                setAlwaysOnTop(true);
+            } catch (SecurityException se) {
+                // setAlwaysOnTop is restricted,
+                // the exception is ignored
+            }
         }
 
         public void update(Graphics g) {