Closed Bug 1432072 Opened 2 years ago Closed 2 years ago

Denial of service via basic auth FF 58.0 (Windows 10)


(Firefox :: Security, defect)

58 Branch
Not set





(Reporter: ericharding, Unassigned)


(Keywords: dupeme)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Build ID: 20180115093319

Steps to reproduce:

(Don't click these)
I was directed to a maliciouis site from some search results and ended up having to kill Firefox from an external process.

Initial url:
redirected to:

Actual results:

A red flashing page with a phone number appeared and an alarm sounded.  In the foreground multiple requests for authentication popped up and came back if dismissed.  There was no option to prevent further notification.

I could not silence the page or close the tab.  If I tried to interact with other tabs focus was pulled back to the authentication dialog after a few seconds. 

I was able to get the browser to respond again by disabling my network device (to stop the repeated popups) I tried to ctrl-s the page to get a repro and I did get the file picker dialog to choose a location but nothing was saved.  After attempting to save FF went completely unresponsive and I had to kill it.

Expected results:

I should have been able to close the tab.

Ideally - I should have been able to control the repeated popups.

Possibly related to : but that says fixed in 52.
Component: Untriaged → Security
Keywords: dupeme
Closed: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 377496
You need to log in before you can comment on or make changes to this bug.