Popup not blocked, possibly a Flash exploit, no other dialog boxes open.

RESOLVED DUPLICATE of bug 253831

Status

()

RESOLVED DUPLICATE of bug 253831
14 years ago
14 years ago

People

(Reporter: metaclops, Assigned: bugzilla)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

http://www.macromedia.com/go/DMJA_ABXE allows a popup, it's possibly a Flash
exploit. No other firefox windows or dialog boxes were open, so this didn't seem
to match any other bug reports. 

The new IE6 popup blocker successfully blocks this popup. 

This bug could be caused by anything, macromedia uses a labryinth of
javascripts, meta refreshes, and flash to force users down certain paths.

Reproducible: Always
Steps to Reproduce:
1.Go to http://www.macromedia.com/go/DMJA_ABXE

2.Use this to log in if needed: 
username: joebillybob_x99@mailinator.com
pass: pass99

3. Enjoy an annoying popup

Actual Results:  
Pop up blocker failed.

Expected Results:  
Blocked popup.

Comment 1

14 years ago
I've got no flash plugin installed.
I have no popup on that page - so my guess its flash trick.

-rOmAz

Comment 2

14 years ago
I've got no flash plugin installed.
I have no popup on that page - so my guess its flash trick.

-rOmAz
It redirects and opens a new page in the process.
I doubt this is a flash popup

If you revisit the page it get's redirected right away, based on the presence of
the cookie and opens the new page in a new window too (popup).

duplicate of bug 253831 ?
(Reporter)

Comment 4

14 years ago
Think I figured out how they do it.

1. http://www.macromedia.com/go/DMJA_ABXE redirects to
http://www.macromedia.com/cfusion/ondemand/index.cfm?id=281&type=2&sdid=DMJA_ABXE

2. ...which contains the following javascript: 
<script language="JavaScript">
function openShellWindow() {
var ondemand =
window.open('ondemand.cfm?id=281&type=2&promoid=0&trackingid=0&sdid=DMJA_ABXE','seminarWindow','width=832,height=696,screenX=0,screenY=0,left=0,top=0,location=0,menubar=0,scrollbars=0,resizable=0,toolbar=0,status=0');
if (navigator.userAgent.indexOf('Mac') != -1 &&
navigator.appName.indexOf('Microsoft') != -1) {
ondemand.resizeTo(832,696);
}
ondemand.focus();
window.location = "/macromedia/events/online/ondemand/index.html";
}
< /script>


3. ...and also embeds the following swf:
http://www.macromedia.com/swf/ondemand/od_ver_checker.swf

4. Open just the swf in firefox and do a view source, you'll see the following
function: javascript:openShellWindow()

Forgot to mention that I disabled all extensions and the popup still appears.

I'll mark this at a dupe of bug 253831.

Thanks
(Reporter)

Comment 5

14 years ago

*** This bug has been marked as a duplicate of 253831 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.