Closed Bug 1373353 Opened 7 years ago Closed 7 years ago

Web page loads basic auth login prompt, starts playing audio about adware/spyware/virus, unable to close tab

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 613785

People

(Reporter: gps, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-dos, sec-low) 

Somehow the following page loaded in my Nightly:

  http://13-554x0001x0-virus.com/en/?id=KzEgKDg4OCkgNzUzLTE2NDc

Unless you really want poke at it, I advise not clicking the link and watching https://youtu.be/xvEkuS__bfI instead.

It displayed what looked like a Windows Defender warning box. It started playing audio telling me my machine was infected and to call a number.

Page also features an emulated pointer that moves randomly around the screen. At first I thought it was actually overriding mouse inputs!

It also opens a basic auth login prompt that steels focus so you can't click the X in the tab bar to close the tab nor use keyboard shortcuts for closing the tab. You have to click cancel in the basic auth prompt multiple times before you are allowed to interact with the Firefox chrome to nuke the tab.

And to top it off, attempting to close opens a new tab and reloads the page.

This is without question the most annoying web experience I've had in several years. I'd like to think my user agent would put me in more control in situations like this. By contrast, Chrome exhibits most of the same behavior. However you are able to close the tab with the basic auth prompt active and the page doesn't reopen on tab close.

Not sure where to begin with bug reports. So filing in Firefox :: General and CCing dveditz.
Wow, that is obnoxious. Any idea what lead to that page load?
Blocks: eviltraps
Keywords: csectype-dos, sec-low
Wennie, this seems interesting to fix.  Can you figure out where it goes, please?
Flags: needinfo?(wleung)
Hi Jonathan, please take a look at this bug.
Flags: needinfo?(wleung) → needinfo?(jkt)
(In reply to Jeff Bryner [:jeff]  (use NEEDINFO) from comment #1)
> Wow, that is obnoxious. Any idea what lead to that page load?

I landed on a non-mainstream news site following a Google search. I suspect this badness got loaded through an ad somehow, as the site was full of ads.
Component: General → DOM: Security
Product: Firefox → Core
bug 613785 (tab-modal auth prompts) would go a long way to making this better, or at least chrome-equivalent. Most of the other tricks are covered by other dependencies of the "eviltraps" bug.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Clearing ni.
This likely needs UX to work on the tab modal/doorhanger for Bug 613785, Wennie we might want to put some resource on deciding how it should look.
Flags: needinfo?(jkt)
You need to log in before you can comment on or make changes to this bug.