Closed
Bug 1447661
Opened 7 years ago
Closed 7 years ago
malware abusing builtin login dialog to prevent closing window
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 377496
People
(Reporter: elijahdorman, Unassigned)
Details
Attachments
(1 file)
|
427.42 KB,
image/png
|
Details |
specific-site.png
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180301022608
Steps to reproduce:
Lots of malware adverts uses alerts to prevent the user from closing the window. This can apparently be modified to give a very annoying attack ad by switching to the builtin secure login prompt. The webpage and dialog prompt the user to call their BS support line to (presumably) get scammed.
Actual results:
In this case, the advert was a screamer (loud audio), but the password prompt prevents the user from clicking the tab mute button (or anything else for that matter). Even worse, if it opens in a different tab, the browser appears to forces you over to it to login making it quite inescapable.
As an additional bug, hitting cancel then CMD-w to close the page sometimes (but not always -- I played with it a few times) presents a login prompt in whatever tab your browser auto-switches to afterward.
Expected results:
The solution seems to be multi-faceted. There's no reason for the prompt to hijack everything. The user should be able to ignore it until they go to the page to deal with it. Users should be able to click the X on the tab and the mute regardless of the login state. Further, for users that do not realize this, a checkbox to prevent further dialogs could be useful.
|
||
Comment 1•7 years ago
|
||
This is unfortunately well known and another great example of the maliciousness of window modal dialogs...
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•