Closed Bug 1475254 Opened 6 years ago Closed 6 years ago

pop-up window hijacks firefox - hijacks window focus - ignores "block pop-ups"

Categories

(Toolkit :: General, defect)

61 Branch
defect
Not set
major

Tracking

()

RESOLVED DUPLICATE of bug 613785

People

(Reporter: james, Unassigned)

References

()

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Build ID: 20180705213349

Steps to reproduce:

1) Load "http://couldformonths.tk", or "http://couldformonths.tk/?number=855-257-7118" in a new tab.

2) Reload page if necessary to bring-up "Authentication Required" window.

3) Close "Authentication Required" window.

4) Congratulations!  Firefox Quantum has been hijacked!  Enjoy the repeating audio message threatening to disable your windows computer.  Call the toll-free number immediately!


Actual results:

1) "Block pop-up windows" has failed to block the "Authorization Required" pop-up.
2) Firefox fails to allow window focus to be removed from pop-up window.
3) Firefox fails to block "Authorization Required" window from re-opening when closed.
4) Firefox fails to allow the user to close the tab with the offending web site.


Expected results:

Firefox developers should have considered more carefully the security implications of failing to respond to a window focus event, which prevents the user from closing the tab with the offending website.
Severity: normal → major
Status: UNCONFIRMED → RESOLVED
Has STR: --- → yes
Closed: 6 years ago
Component: Untriaged → General
Product: Firefox → Toolkit
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.