Closed Bug 232627 Opened 21 years ago Closed 21 years ago

Browing to this url causes a storm of popups which complain about no disk being in /drive/harddrive/...

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 69070

People

(Reporter: aeschoen, Assigned: bugzilla)

References

()

Details

Attachments

(1 file)

User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 Using the google toolbar I searched for minka+antigua+sconce. The first hit was www.decorating-etc.com for discounted wall sconces(yes that's what I was looking for:)When I selected it with tabbed browsing I got stuck in a an uncancelable loop. Numerous pop-up boxes complained about no disk in /drive/harddrive/??. The ?? means I did not capture the rest. It looks like an attack aimed at a linux system. crtl-alt del showed firebird not reponding and new instances poping up. I suspect a badly designed web page, but such an excellent browser as firebird should block this behavior. Reproducible: Always Steps to Reproduce: 1.Search for minka+antigua+sconce in the Google toolbar 2.The first hit should be www.decorating-etc.com 3.Select while holding ctrl for tabbed browsing Actual Results: The Tab appears and while loading the pop-up box complains about no disk in /drive/harddrive/??? Expected Results: Go to a valid page or reject the storm of pop-ups from an offensive web site. The first time I could shut firebird down with windows task manager. The second time the pop-ups appeared faster than I could kill them. I recovered with a hard system reset. A virus scan shows no infection so far. It is still running.
Going to that URL causes nothing in my setup (I don't have the Google toolbar installed). I tested with WinIE6, and no popups appear. Could you try with a newer build (http://ftp.mozilla.org/pub/mozilla.org/firebird/nightly/latest-trunk/) ?
Tested using: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040130 Firebird/0.8.0+ I didn't get any popups, but I did get my CD-ROM drive spinning up. Here's why: <!-- fwtable fwsrc="Text_Button.png" fwbase="Home.gif" fwstyle="Dreamweaver" fwdocid = "742308039" fwnested="0" --> <tr> <td><img src="file:///E|/Images/Site/spacer.gif" alt="" width="32" height="1" border="0"></td> <td><img src="file:///E|/Images/Site/spacer.gif" alt="" width="59" height="1" border="0"></td> <td><img src="file:///E|/Images/Site/spacer.gif" alt="" width="1" height="1" border="0"></td> </tr> Whilst this is obviously not intentional in this case, I believe it is still correct for Firebird to try and load these images. Eg. in an intranet environment, you might have links to files on a fileserver.
This shows the actual pop-up. I removed firebird as requested, re-named the old directory to hide it and re-installed with teh firebird installer to get 0.8+ dated today. No change. Also the url works fine with IE on my box. I also still have the google feature as a small dialog to the right of the url dialog box. I expected it to go away with the clean install. Perhaps the registry has residual enties. I have used mozilla and firebird in sequence for over a year now so there may be irrational droppings. This is the only anomaly I have ever encountered other than my bank not allowing Firebird yet. I keep IE just for the one site.( and Microsoft sites since they put non-IE bombs in their scripts)
Your discovery of the reference to drive E makes sense. I have a flash card reader at drive E and it is empty. The pop-up however has a cancel option. It keeps trying again and again. You have the jist and the cause, dispatch the bug as a feature if you wish, but IE doesn't snag this way.(In reply to comment #2) > Tested using: > > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040130 > Firebird/0.8.0+ > > I didn't get any popups, but I did get my CD-ROM drive spinning up. Here's why: > > <!-- fwtable fwsrc="Text_Button.png" fwbase="Home.gif" fwstyle="Dreamweaver" > fwdocid = "742308039" fwnested="0" --> > <tr> > <td><img src="file:///E|/Images/Site/spacer.gif" alt="" width="32" > height="1" border="0"></td> > <td><img src="file:///E|/Images/Site/spacer.gif" alt="" width="59" > height="1" border="0"></td> > <td><img src="file:///E|/Images/Site/spacer.gif" alt="" width="1" > height="1" border="0"></td> > </tr> > > Whilst this is obviously not intentional in this case, I believe it is still > correct for Firebird to try and load these images. Eg. in an intranet > environment, you might have links to files on a fileserver.
Attempted on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20040220 Firebird/0.7 and was unable to reproduce. Visiting this site on Internet Explorer does nothing either. It may be expected that Firebird would try to load these image files, but unprompted access to the user's local E drive could pose as a security issue.
It shouldn't show you the message or load. *** This bug has been marked as a duplicate of 69070 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: