Closed
Bug 296478
(Popupblockingcrack)
Opened 20 years ago
Closed 20 years ago
Some sites have figured a way around the block popup function in Firefox
Categories
(Firefox :: General, defect)
RESOLVED
DUPLICATE
of bug 282931
People
(Reporter: steevo, Unassigned)
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1

The last couple days browsing with Firefox I have noticed two instances where the website operator has managed to find a way around the "block popups" function in Firefox. The first time I thought it was a fluke. It just happened again and I saved it as a test case. The site happens to be experts-exchange.com, the other instance I did not make a note of but I don't think it was this site.

FWIW this site uses the intellixt popups that are used by tomshardware.com, that is not what I am reporting. This is a window popup with no controls, and it IS firefox. I am not using IE. This is not a hijack incident.

Reproducible: Sometimes

Steps to Reproduce:
1. Googled usb flash driver 98
2. First hit is http://www.experts-exchange.com/Operating_Systems/Win98/Q_20804334.html
3. Second hit is http://www.experts-exchange.com/Operating_Systems/Win98/Q_20851386.html
4. I opened both those in new tabs for reading. I immediately had a popup window http://a.tribalfusion.com/h.click/MPFSGJKMENSQKHOESRRVNMNPOWFCRQGKTTOKYIGLFEPMIHIBBBIWTXDPOSOLVJBMIPFKIDKNGOPRV/http://www.tophosts.com
5. The window in step 2 has the firefox "blocked popup" banner at top. The window in step 3 does not. This might be a clue to the crack the web designer has found, the popup was not blocked in the second window from that site. The popup blocked is the one I got, but the url referenced in the firefox banner is not precisely the popup that was blocked. Close, and resulting in it, but not exactly the same. a.tribalfusion.com/p.media/{long string}
6. I checked settings and block popups is properly selected.
7. I opened http://a.tribalfusion.com/h.click/MPFSGJKMENSQKHOESRRVNMNPOWFCRQGKTTOKYIGLFEPMIHIBBBIWTXDPOSOLVJBMIPFKIDKNGOPRV/http://www.tophosts.com in a new window so I could get controls and read the source, but it opened and redirected to http://www.tophosts.com

Actual Results:
Viewed page source of the experts-exchange page that launched the popup. It contains

<div style="background-image:url(/images/gradientInverted.gif);background-repeat:repeat-x;padding-top:10px;padding-bottom:10px;">
<table id=bannerAd style="margin:0px;">
<tr>
<td align=center>
<!-- TF 468x60 JScript HORIZ code -->
<div style='z-index: 1; margin: 0px 0px 0px 0px;'>
<script language=javascript><!--
document.write('<scr'+'ipt language=javascript src="http://a.tribalfusion.com/j.ad?site=ExpertsExchange&adSpace=OperatingSystems&size=468x60&type=horiz&noAd=1&requestID=532159977"></scr'+'ipt>');
//-->
</script>
<noscript>
<a href="http://a.tribalfusion.com/i.click?site=ExpertsExchange&adSpace=OperatingSystems&size=468x60&requestID=532159977" target=_blank>
<img src="http://a.tribalfusion.com/i.ad?site=ExpertsExchange&adSpace=OperatingSystems&size=468x60&requestID=532159977" width=468 height=60 border=0 alt="Click Here"></a>
</noscript>

Which I think had something to do with disabling the firefox popup blocking. But it is still enabled. It appears that tribalfusion.com has had a hand in this.

Expected Results:
Blocked the popup in all instances.

I did an HTTP get on the popup site. Here is the result. I find this quite disturbing.

06/02/05 21:02:01 Browsing http://a.tribalfusion.com/h.click/MPFSGJKMENSQKHOESRRVNMNPOWFCRQGKTTOKYIGLFEPMIHIBBBIWTXDPOSOLVJBMIPFKIDKNGOPRV/http://www.tophosts.com
Fetching http://a.tribalfusion.com/h.click/MPFSGJKMENSQKHOESRRVNMNPOWFCRQGKTTOKYIGLFEPMIHIBBBIWTXDPOSOLVJBMIPFKIDKNGOPRV/http://www.tophosts.com ...
GET /h.click/MPFSGJKMENSQKHOESRRVNMNPOWFCRQGKTTOKYIGLFEPMIHIBBBIWTXDPOSOLVJBMIPFKIDKNGOPRV/http://www.tophosts.com HTTP/1.1
Host: a.tribalfusion.com
Connection: close
User-Agent: Sam Spade 1.14

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVa TAIa OUR BUS"
Cache-Control: no-cache
Location: http://www.tophosts.com
P3P: CP="NOI DEVa TAIa OUR BUS"
Content-Type: text/html
Content-Length: 36
See bug 258243 and bug 253831 comment 260, duplicate of bug 253831?
Comment 2•20 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050603 Firefox/1.0+ ID:2005060302

WFM
I spoke to another firefox user and she has confirmed she is seeing popups the last two days. She did not see any unexpected popups before that, and neither did I. Something has changed.
FWIW, this technique might violate provision 8 of section 2 of the US anti spyware law, should it be passed. Maybe it has been passed.

(8) removing or disabling a security, anti-spyware, or anti-virus technology installed on the computer;

bug 253831 comment 271 http://antipopup.unitedvirtualities.com/ almost certainly does. At least I would argue that it does.
Surfed another site. http://www.consumersearch.com/www/kitchen/blenders/fullstory.html

Site uses the same tribalfusion advertising company. Unexpected popup appears.

http://a.tribalfusion.com/h.click/DUJUGQOJKJPHQEDMMLPNMTDFJORLOSOGOVXKCLPGQPWQPWGIMDJPUHMJLGAAYNXCORLOHRMIHA/http://www.education-advancement.com/colleges/uop/newStep1uop?mediaId=301766&sourceId=tf&siteId=450&zipcode=

This time it's an ad for University of Phoenix. I thought the University of Phoenix was a reputable organization. Hmm.

Again, an HTTP get reveals same weird HaCKEr tExT.

06/03/05 20:42:37 Browsing http://a.tribalfusion.com/h.click/DUJUGQOJKJPHQEDMMLPNMTDFJORLOSOGOVXKCLPGQPWQPWGIMDJPUHMJLGAAYNXCORLOHRMIHA/http://www.education-advancement.com/colleges/uop/newStep1uop?mediaId=301766&sourceId=tf&siteId=450&zipcode=
Fetching http://a.tribalfusion.com/h.click/DUJUGQOJKJPHQEDMMLPNMTDFJORLOSOGOVXKCLPGQPWQPWGIMDJPUHMJLGAAYNXCORLOHRMIHA/http://www.education-advancement.com/colleges/uop/newStep1uop?mediaId=301766&sourceId=tf&siteId=450&zipcode= ...
GET /h.click/DUJUGQOJKJPHQEDMMLPNMTDFJORLOSOGOVXKCLPGQPWQPWGIMDJPUHMJLGAAYNXCORLOHRMIHA/http://www.education-advancement.com/colleges/uop/newStep1uop?mediaId=301766&sourceId=tf&siteId=450&zipcode= HTTP/1.1
Host: a.tribalfusion.com
Connection: close
User-Agent: Sam Spade 1.14

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVa TAIa OUR BUS"
Cache-Control: no-cache
Set-Cookie: c91463=JLDRKINJIIRETLPPHPGSHUPMTEYNNHDKJMQXPLORPBQKINMLGHJLJEYQXGMKSLLNLIFLLJLIFB; path=/; domain=.tribalfusion.com; expires=Sun, 05-Jun-2005 03:44:22 GMT;
Location: http://www.education-advancement.com/colleges/uop/newStep1uop?mediaId=301766&sourceId=tf&siteId=450&zipcode=
P3P: CP="NOI DEVa TAIa OUR BUS"
Content-Type: text/html
Content-Length: 36
Comment 6•20 years ago
*** This bug has been marked as a duplicate of 282931 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE