javascript ads blocking should be improved

RESOLVED INVALID

Status

--
enhancement
RESOLVED INVALID
14 years ago
14 years ago

People

(Reporter: chtrusch, Assigned: dveditz)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050305
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050305

Go to the specified website, no matter how you fiddle with blocking
settings/browser.link.open_newwindow etc, you get a popup or a rederection in
the same window/tab to an advertizing site. Also go to any geocities website ads
have a look at what overlay ads can do; there is no way to prevent this except
turning off javascript, with reduces the functionality of the browser

Reproducible: Always




I couldn't check for duplicates because the search engine isnÄt working right now.

Comment 1

14 years ago
http://299093.guestbook.onetwomax.de/ triggered an intruder detection alert in
Norton Internet Security here, warning of a hight risk intrusion attack
(HTTP_MSIE_DHTML_Edit_Ctrl_Attack) from 80.190.203.68. The firewall closed down
the connections from that site for 30 minutes. No popup other than Norton Firewalls

Comment 2

14 years ago
describes the exployt - seems it's a phishing/spoofing attempt via a
cross-domain vulnerability described at
http://www.securiteam.com/windowsntfocus/5QP012KEVE.html
Over to security component for evaluation 
Assignee: general → dveditz
Component: General → Security
QA Contact: general → seamonkey

Comment 3

14 years ago
For me popups are blocked with Mozilla (incl. the plugin pref). But I see only
normal window.open calls.
(Assignee)

Comment 4

14 years ago
WFM, the ad server must've changed, and there's not enough detail here to fix
anything. Please search for duplicate bugs before filing, we've got a lot on
improving the popup blocker.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.