Closed Bug 281472 Opened 20 years ago Closed 20 years ago

Popups bypass Firefox popup blocker

Categories

(Firefox :: General, defect)

1.0 Branch
x86
Windows XP
defect
Not set
major

RESOLVED WORKSFORME

People

(Reporter: FarkFnord, Assigned: bugzilla)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Visiting this site will trigger a popup. I poked through the JavaScript, but it looks like whatever they're doing is a complicated multi-step process. Not sure exactly what they're doing, but it's clearly designed to bypass popup blockers.

Oh, it looks like they set a cookie to limit how often the popup is triggered. It's easily reproducible if you clear the poststuff*.etensity.net and paypopup.com cookies.

At least on my system, the popup is barely on the screen, only a tiny bit shows in the lower right corner. But it does show up as a window on the XP task bar. I dunno if it moves, or if it's there because I have the Firefox JavaScript options set to disallow moving windows.

It also seems to add three or four entries to the browser history (e.g., under "Go" menu), which seems a little odd.

It's a bit disturbing because this is the first popup I've seen in Mozilla/Firefox for a *long* time... Many months, at least.

Reproducible: Always

Steps to Reproduce:
1. Visit URL
2. Close popup
3. Clear cookies
4. Lather, Rinse, Repeat

WFM - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050206 Firefox/1.0+
WFM Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050206 Firefox/1.0+

I see a "pop-up blocked" icon in my status bar.

> It also seems to add three or four entries to the browser history (eg, under
> "Go" menu), which seems a little odd.

The "Go" menu in Firefox displays recent entries in global history.

This is probably a dupe of Bug 270867?
(In reply to comment #3)
> This is probably a dupe of Bug 270867?

Actually, that bug has to do with JavaScript exploiting the onClick() event to pop up windows. However, both the JavaScript pop-up blocker bypasser AND the Flash pop-up blocker are now in very active use in Internet advertising nowadays.

For example, visit this site with Flash installed:
http://www.signonsandiego.com/news/world/20050215-1749-kyotoprotocol.html
...BOOM! A pop-up, generated by this nasty automatically-generated Flash file:
http://cdn.fastclick.net/fastclick.net/ffp.swf

Notice its name, "ffp", meaning "F"ire"f"ox "P"opup. They know about this bug, and it's only a matter of time before this turns into an epidemic.

PLEASE...will the developers look at this? The newest version of Internet Explorer blocks these pop-ups!

SURPRISE! It's happened again... http://abcnews.go.com/Politics/wireStory?id=505718 (you might have to erase all your cookies for it to happen, but it will happen).
I'm not sure if this is the same problem, but http://thesaurus.reference.com/search?q=fickle has similar behavior.
I was unable to replicate this bug. I created a brand new profile, so that none of my modifications to the popup settings would affect it in any way, ensured that all cookies were cleared each time and visited each URL provided within this bug, yet not one of them successfully popped up a new window. Some of them tried but Firefox displayed the popup blocker info bar and stopped them.
Well, I was finally able to get the popup to work (I still don't know why it didn't before), but I've also found a workaround for it.

1. Go to about:config
2. Set browser.tabs.showSingleWindowModePrefs to true
3. Go to Tools > Options...
4. Select the Advanced tab
5. Check "Force links that open new windows to open in:"
6. Check "the same tab/window as the link"

That also explains why my normal profile doesn't get popups either, because I have that set to stop the annoying target attribute opening new windows.

(In reply to comment #4)
>
> For example, visit this site with Flash installed:
> http://www.signonsandiego.com/news/world/20050215-1749-kyotoprotocol.html
> ...BOOM! A pop-up, generated by this nasty automatically-generated Flash file:
> http://cdn.fastclick.net/fastclick.net/ffp.swf
>
> Notice its name, "ffp", meaning "F"ire"f"ox "P"opup. They know about this bug,
> and it's only a matter of time before this turns into an epidemic.

Flash popups are Bug 176079, see the workaround there or here: http://www.mail-archive.com/mozilla-security@mozilla.org/msg02383.html.

The original problem is WFM for this report on Trunk, but I can confirm it for Firefox 1.0 (branch). The site uses this script http://www.entensity.net/crap/ad.js for the popunder, which uses http://www.paypopup.com/popup.php?id=theshane&pop=enter&t=5&subid=6552&blk=1 to show it.

Marking WFM since the popup is blocked with trunk builds.

Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
Version: unspecified → 1.0 Branch
(In reply to comment #9)
> The site uses this script http://www.entensity.net/crap/ad.js for the popunder,
> which uses
> http://www.paypopup.com/popup.php?id=theshane&pop=enter&t=5&subid=6552&blk=1 to
> show it.

That script reveals that they use onClick handler for Firefox to circumvent the popup blocker. So this is related to Bug 263777.

Here is a possible workaround/fix that may be a good idea to include in a future update by default: http://artsandarses.typepad.com/weblog/2005/04/websites_subver_1.html It involves an integer value setting in about:config for privacy.popups.disable_from_plugins. Thanks