Closed Bug 1432072 Opened 2 years ago Closed 2 years ago

Denial of service via basic auth FF 58.0 (Windows 10)

Categories

(Firefox :: Security, defect)

58 Branch
defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 377496

People

(Reporter: ericharding, Unassigned)

Details

(Keywords: dupeme)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Build ID: 20180115093319

Steps to reproduce:

(Don't click these)
I was directed to a maliciouis site from some search results and ended up having to kill Firefox from an external process.

Initial url: i214.fastandbrave.com/?rbatn=flow
redirected to: http://x0z04i90004.info/en/?id=KzEgKDg4OCkgNzkxLTA5NTQ





Actual results:

A red flashing page with a phone number appeared and an alarm sounded.  In the foreground multiple requests for authentication popped up and came back if dismissed.  There was no option to prevent further notification.

I could not silence the page or close the tab.  If I tried to interact with other tabs focus was pulled back to the authentication dialog after a few seconds. 

I was able to get the browser to respond again by disabling my network device (to stop the repeated popups) I tried to ctrl-s the page to get a repro and I did get the file picker dialog to choose a location but nothing was saved.  After attempting to save FF went completely unresponsive and I had to kill it.


Expected results:

I should have been able to close the tab.

Ideally - I should have been able to control the repeated popups.

Possibly related to : https://bugzilla.mozilla.org/show_bug.cgi?id=1312243 but that says fixed in 52.
Component: Untriaged → Security
Keywords: dupeme
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 377496
You need to log in before you can comment on or make changes to this bug.