288628 - javascript ads blocking should be improved

Status: RESOLVED INVALID

(SeaMonkey :: Security, enhancement)

Description

[ChrisX]

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050305
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050305

Go to the specified website, no matter how you fiddle with blocking
settings/browser.link.open_newwindow etc, you get a popup or a rederection in
the same window/tab to an advertizing site. Also go to any geocities website ads
have a look at what overlay ads can do; there is no way to prevent this except
turning off javascript, with reduces the functionality of the browser

Reproducible: Always




I couldn't check for duplicates because the search engine isnÄt working right now.

Comment 1

[R.K.Aa.]

http://299093.guestbook.onetwomax.de/ triggered an intruder detection alert in
Norton Internet Security here, warning of a hight risk intrusion attack
(HTTP_MSIE_DHTML_Edit_Ctrl_Attack) from 80.190.203.68. The firewall closed down
the connections from that site for 30 minutes. No popup other than Norton Firewalls

Comment 2

[R.K.Aa.]

describes the exployt - seems it's a phishing/spoofing attempt via a
cross-domain vulnerability described at
http://www.securiteam.com/windowsntfocus/5QP012KEVE.html
Over to security component for evaluation 

Comment 3

[OstGote!]

For me popups are blocked with Mozilla (incl. the plugin pref). But I see only
normal window.open calls.

Comment 4

[Daniel Veditz [:dveditz]]

WFM, the ad server must've changed, and there's not enough detail here to fix
anything. Please search for duplicate bugs before filing, we've got a lot on
improving the popup blocker.