Closed Bug 1432072 Opened 2 years ago Closed 2 years ago
Denial of service via basic auth FF 58
.0 (Windows 10)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Build ID: 20180115093319 Steps to reproduce: (Don't click these) I was directed to a maliciouis site from some search results and ended up having to kill Firefox from an external process. Initial url: i214.fastandbrave.com/?rbatn=flow redirected to: http://x0z04i90004.info/en/?id=KzEgKDg4OCkgNzkxLTA5NTQ Actual results: A red flashing page with a phone number appeared and an alarm sounded. In the foreground multiple requests for authentication popped up and came back if dismissed. There was no option to prevent further notification. I could not silence the page or close the tab. If I tried to interact with other tabs focus was pulled back to the authentication dialog after a few seconds. I was able to get the browser to respond again by disabling my network device (to stop the repeated popups) I tried to ctrl-s the page to get a repro and I did get the file picker dialog to choose a location but nothing was saved. After attempting to save FF went completely unresponsive and I had to kill it. Expected results: I should have been able to close the tab. Ideally - I should have been able to control the repeated popups. Possibly related to : https://bugzilla.mozilla.org/show_bug.cgi?id=1312243 but that says fixed in 52.
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 377496
You need to log in before you can comment on or make changes to this bug.