Closed
Bug 1411537
Opened 7 years ago
Closed 7 years ago
"Resend Post-Data" message should be able to be skipped
Categories
(Core :: DOM: Navigation, defect, P3)
RESOLVED DUPLICATE of bug 1412559
People
(Reporter: firefoxbugzilla, Unassigned)
Attachments (1 file): 59.36 KB, application/x-pcapng
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170928210252
Steps to reproduce:
I got onto a page that tried to scam me into downloading a "new version of firefox" and I was unable to close it.
Actual results:
I recently got onto a scam-page that I wasn't able to close because every time I tried to close either the tab or the window, it asked me if I really wanted to close that page, and after that, tried to resend some hidden form with POST, so the "resend post-data" message appeared. There were only two options: resend the page, which leads to the same page again, or close the browser, which then tried to ask me whether I really want to close that page or not and no matter what I did there, it tried re-sending the post-data and showing me that post-data-resend-dialog.
Expected results:
There should be an option, like in alert()-messages, that I do not want to see further dialogs from this page and just want to close it. Optimally, there should be an option that I never want to see that "do you really want to close this site?"-dialog again. This would take away another scammer's method to keep one on their site.
Updated•7 years ago
Component: Untriaged → Document Navigation
Product: Firefox → Core
Comment 1•7 years ago
(In reply to firefoxbugzilla from comment #0)
> User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
> Firefox/52.0
> Build ID: 20170928210252
>
> Steps to reproduce:
>
> I got onto a page that tried to scam me into downloading a "new version of
> firefox" and I was unable to close it.
>
>
> Actual results:
>
> I recently got onto a scam-page that I wasn't able to close because
> every time I tried to close either the tab or the window, it asked me if I
> really wanted to close that page, and after that, tried to resend some
> hidden form with POST, so the "resend post-data" message appeared.
> There were only two options: resend the page, which leads to the same page
> again, or close the browser, which then tried to ask me whether I really
> want to close that page or not and no matter what I did there, it tried
> re-sending the post-data and showing me that post-data-resend-dialog.
>
>
> Expected results:
>
> There should be an option, like in alert()-messages, that I do not want to
> see further dialogs from this page and just want to close it. Optimally,
> there should be an option that I never want to see that "do you really want
> to close this site?"-dialog again. This would take away another scammer's
> method to keep one on their site.
Does this meet what you expect ultimately?
https://support.mozilla.org/en-US/questions/1067058
Flags: needinfo?(firefoxbugzilla)
Priority: -- → P3
Comment 2•7 years ago
The workaround does not help the normal user against this kind of attack/annoyance.
PCAP included
Comment 3•7 years ago
According to the pcap, the site uses an iframe to POST a form and then make a reload in the redirected page. That matches the behavior of bug 1412559 and all duplicated bugs of it.
It looks like this POST trick has been a common pattern across multiple spam sites; sadly, we couldn't roll out the fix sooner.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(firefoxbugzilla)
Resolution: --- → DUPLICATE
Updated•7 years ago
QA Contact: Virtual