Website opens popups in fullscreen and tricks user into installing add-on
Categories
(Toolkit :: Add-ons Manager, defect, P3)
Tracking
()
People
(Reporter: uskolor, Unassigned)
References
(Blocks 2 open bugs)
Details
Attachments
(2 files)
website.jpg
User Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
Hello I would like ask why my Firefox is vulnerable for that website .I have install plugin .
http://mns07.xyz/ww/
Actual results:
Website do not allow my go I have install plugin .If click the website made full screen
Expected results:
I should normally left website but I can't
|
Reporter | |
Comment 2•5 years ago
|
||
Because you respond was later .Probably owner remove this website .I wanted show you how Firefox is valuable .
Now is too later .
Hello I would like ask why my Firefox is vulnerable for that website .I have install plugin .
I think it is a deceptive picture to guide you download and install a malicious software. No more worry.
|
|
Reporter | |
Comment 4•5 years ago
|
||
I find yo website where is the same
|
|
Reporter | |
Comment 5•5 years ago
|
||
source of this website !!
|
|
Reporter | |
Comment 6•5 years ago
|
||
I can't move or back from this website .
(In reply to iiiiikolor@gmail.com from comment #4)
I find yo website where is the same
Press Esc key work for me.
This need to move to a better component, I guess.
|
||
Comment 8•5 years ago
|
||
This bypassed our patch for Bug 1412561 by opening a popup and requesting the addon installation there.
|
|
||
Comment 9•5 years ago
|
||
The phishing site will most likely not stay online for very long. I've created a copy of the site but stripped out all the malicious code. You can try it out here: https://eviltrap.site/trap/fullscreen-addon-popup/
To exit simply close the popup and press the Esc key.
|
|
Reporter | |
Comment 10•5 years ago
|
||
Yes I understand you .I can go out of this website .But this is real example how Firefox is able beat,hit but some website .YOU want to be the best Browser .Then listen me .Make Firefox stronger and any of this website will effected of our Browser.
|
|
||
Updated•5 years ago
|
|
||
Comment 11•5 years ago
|
||
The priority flag is not set for this bug.
:wleung, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
||
Comment 12•5 years ago
|
||
Moving to Add-ons Manager, since this is mostly about the add-on installation in fullscreen.
|
|
||
Comment 13•5 years ago
|
||
The priority flag is not set for this bug.
:jimm, could you have a look please?
For more information, please visit auto_nag documentation.
|
||
Updated•5 years ago
|
|
|
||
Comment 14•5 years ago
|
||
The priority flag is not set for this bug.
:jimm, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
||
Updated•5 years ago
|
|
|
||
Comment 15•5 years ago
|
||
This should be fixed now that we leave fullscreen when a website opens a popup.
|
||
Comment 16•5 years ago
|
||
Should be resolved in Nightly.
|
||
Comment 17•5 years ago
|
||
So, this is a dupe of bug 1432856? This would be fixed by https://hg.mozilla.org/mozilla-central/rev/10fde12558b7cf7fb1f2849d8b2bdbf3b5b196c9. I suggest just opening open the other bug.
|
||
Comment 18•5 years ago
|
||
The comment 9 case WFM in Fx72 which does not have the patch for bug 1432856. Was there a separate change where doorhangers kill fullscreen, too?
|
|
||
Comment 19•5 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #18)
The comment 9 case WFM in Fx72 which does not have the patch for bug 1432856. Was there a separate change where doorhangers kill fullscreen, too?
I've just tested this again with Firefox 72 on Ubuntu 19.10. The website stays in fullscreen for me with the popup + doorhanger on top.
Addon install permission doorhangers do not kill fullscreen, they are blocked/denied in fullscreen. There is Bug 1412561 for permission prompts, but I don't think that includes the addon prompts.
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
Description
•