Closed Bug 1486206 Opened Last year Closed Last year

Pupup-ad forces to enter user credentials making it impossible to close the window

Categories

(Firefox :: Security, defect)

61 Branch
Desktop
All
defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 377496

People

(Reporter: becker.aram, Unassigned)

Details

Attachments

(2 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Steps to reproduce:

A popup-ad opened and requested user credentials.


Actual results:

I wasn't able to close the window. When clicking cancel the credential window opened again immediately preventing the ad to be closed. I had to kill the firefox process and lost my other opened tabs. This can be harmful as the ad is very confusing, going to fullscreen when clicking somwhere on the window, trying to enable notifications and asking to install a plugin all at the same time. Something similar to this could trick users into installing harmful software.


Expected results:

I should have been able to close the window without killing the firefox process. The window for user credentials should not block the UI of the underlying window (at least not the close button).
Hardware: Unspecified → All
Link to the ad (be careful when following this): http://foxmacff.cool/3/click/813021/?csum=bcMWXPe5xGog0_h0YdzA7ljk9NP9yhrWcABFduiBz8Ii2ZwGr6XbTOqkRpe9kYDxzzovpnMDgNFS7CPglbVZ1g%2C%2C&_subid=vlok6g1ajh1qqtnpncu&_token=uuid_vlok6g1ajh1qqtnpncu_vlok6g1ajh1qqtnpncu5b8151c12e9fc6.72570941

It also has some weird behaviour, like setting a custom cursor image so that it is no longer clear where your cursor is, so the user doesn't know what he actually clicks on. I have never seen such an obstrusive ad, but at least it highlights some security flaws.
OS: Unspecified → All
Hardware: All → Desktop
Be aware that opening the html files without precaution might cause harm to your device as this seems to be a malicious popup ad.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: Last year
Component: Untriaged → Security
Resolution: --- → DUPLICATE
Duplicate of bug: 377496
You need to log in before you can comment on or make changes to this bug.