1432072 - Denial of service via basic auth FF 58.0 (Windows 10)

Status: RESOLVED DUPLICATE of bug 377496

(Firefox :: Security, defect)

Description

[ericharding]

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Build ID: 20180115093319

Steps to reproduce:

(Don't click these)
I was directed to a maliciouis site from some search results and ended up having to kill Firefox from an external process.

Initial url: i214.fastandbrave.com/?rbatn=flow
redirected to: http://x0z04i90004.info/en/?id=KzEgKDg4OCkgNzkxLTA5NTQ





Actual results:

A red flashing page with a phone number appeared and an alarm sounded.  In the foreground multiple requests for authentication popped up and came back if dismissed.  There was no option to prevent further notification.

I could not silence the page or close the tab.  If I tried to interact with other tabs focus was pulled back to the authentication dialog after a few seconds. 

I was able to get the browser to respond again by disabling my network device (to stop the repeated popups) I tried to ctrl-s the page to get a repro and I did get the file picker dialog to choose a location but nothing was saved.  After attempting to save FF went completely unresponsive and I had to kill it.


Expected results:

I should have been able to close the tab.

Ideally - I should have been able to control the repeated popups.

Possibly related to : https://bugzilla.mozilla.org/show_bug.cgi?id=1312243 but that says fixed in 52.