Closed Bug 1403207 Opened 7 years ago Closed 7 years ago

Pop Ups Appeared on Relaunch despite Preference Settings

Categories

(Firefox :: Session Restore, defect)

Product:
Firefox
Component:
Session Restore
Version:
55 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: tom, Unassigned)

References

Details

Attached file previous.js.formatted
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 Build ID: 20170816210634 Steps to reproduce: My daughter was using Firefox on Ubuntu 16.04 for homework which involved researching a Pop Musician. I used the computer afterwards. I launched Firefox after a restart from hibernate. Pop-ups are blocked in Firefox Preferences. I was running Firefox without AdBlocker extensions. Actual results: Immediately after the relaunch two pop-ups appeared in addition to the Firefox main window with her open tabs. One of the pop-ups was for a gambling site. The other was a window with extremely graphic pornographic image. Fortunately there were no children present when this occurred. Expected results: The only window that should have appeared is the firefox main window. No pop-ups should have appeared. We have spoken with our daughter and there was no undesired content when she was doing her homework. Looking at the History `perfecttoolmedia` seems to be the source of the pop-ups. I am attaching the previous.js file to assist you - this file is for Mozillas use only - please do not put my previous.js in the open domain. Given the nature of the content of the pop-ups and the nature of the searches undertaken prior to the incursion (pop musicians) this had the potential to expose minors to disturbing content. Perfecttoolmedia is associated with malware, As I am using Ubuntu I assume I am relatively immune from operating system issues. There appears to be a vulnerability in firefox which means that pop-ups can appear on a subsequent launch after being exposed to "infected" websites.
Group: firefox-core-security
Component: Untriaged → DOM
Product: Firefox → Core
Reading through the attachment, isPopup was set to true. I wonder if something went wrong when we restore sessions. Moving to Firefox:Session Restore component to see if we would get more ideas. Feel free to reset the module if my logic isn't right...
Component: DOM → Session Restore
Product: Core → Firefox
Well, I'm not able to see the attachment, due to security restrictions, so that's blocking me from taking a look. Ryan, what do I need to do to be able to see the attachment?
Flags: needinfo?(ryanvm)
Flags: needinfo?(ryanvm)
Thanks to Ryan I was able to take a look at the previous.js file and noticed that 'isPopup' is set _only_ for the set of closed windows, which are _never_ restored on startup, but they are restored when you select it from the list of 'Recently Closed Windows' or hit CTRL+SHIFT+N. In other words: this is only possible through user action. Additionally, I haven't seen reports like this anywhere else. If you can give me a reliable STR, please feel free to re-open this bug and I'll prepare a fix right away! But at the moment there is not enough info for me to dive deeper.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.