User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/20071025 Firefox/184.108.40.206 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20071025 Firefox/18.104.22.168 mozilla browser crashes. false "error message" appears asking me to download. it says "error detected. the page at http://fixthemnow.com says notice your system is not optimized and your computer...would you like to install fixthemnow. when I again double-click on mozilla browser icon it appears only in a tiny window in the upper right of screen, then I must hit the enlarge square to have mozilla browser fill my screen (and start all over again from my home page). this bug has appeared under different names such as Drivecleaner. Reproducible: Always Steps to Reproduce: 1. It happens when I've opened the mozilla browser. sometimes there is a delay and sometimes it is immediate like tonight. 2.I have several tabs. It might be that I am going between tabs. not sure about this. 3. Actual Results: entire mozilla browser crashes. I lose any website I was on. Error message appears asking me to click on it per information above, e.g. 'your system is not optimized...' I ignore message and go to original mozilla icon on screen and again double-click to open. It opens to a small window rather than filling the entire page and does not show me my homepage. I then click on that tiny window with the square to enlarge the screen and only then does my homepage appear. all websites I had been logged onto are no longer apparent, and I start from the beginning again. "error detected" remains on my screen. It crashes only that once and I do not put my mouse on the "error detected" which asks me to download something. When I've closed my computer shutting down all tabs on mozilla, and then turn on computer another time and open mozilla browser, message often says mozilla was never correctly shut down and option is offered do I want to continue as it was or start a new screen with mozilla. this is even though I have properly closed out of the second opening of mozilla. this happens because the bug improperly closed the first mozilla browser window. Expected Results: The mozilla browser should not have crashed and I should not have to begin over again to open the browser. When I shutdown the computer and go another time to open mozilla, I get the valid message saying that mozilla was never shut down properly and do I want to go back to how it was or to a new screen. it is mozilla that crashes -- not the computer that crashes. The error message asks me to go to their website and try their material, e.g. "would you like to install fixthemnow to optimize your computers performance for free, and then I'm offered options yes or no. this has appeared under different names such as drivecleaner.com fixthemnow.com
Does this happen immediately after you open Firefox? If so, what is your home page?
Can you attach a screenshot of the fake crash message window?
>it says "error detected. the page at http://fixthemnow.com says notice your >system is not optimized and your computer...would you like to install >fixthemnow. "The page at ... says" is something Firefox puts in alert() messages from web pages. So maybe the site is making the browser window tiny and then covering it with an alert()? Sneaky!
http://www.siteadvisor.com/sites/drivecleaner.com/ points to http://www.drivecleaner.com/.freeware/?p=43&ax=1&ex=1&ed=2&aid=coasteye_rdt&lid=infy which does indeed resize the browser. It shows a fake WinXP-looking window, dialog, *and* system tray notification bubble inside the browser content area. Pretty nasty, but not exactly the same as what you described.
Created attachment 287496 [details] What Jesse imagines the site is doing This resizes your browser window to be tiny, then covers it with an alert. Tested on Mac.
The idea behind the "no smaller than 100x100" restriction was precisely to prevent people from hiding the window. It probably worked better in the old days of 800x600 displays. Is it time to reconsider the lower bound, make it bigger? Unfortunately alerts can also be made bigger by the atacker to compensate so that might not help in practice. What about flipping the "allow move and resize" pref -- I've not run into any legit sites badly broken because I don't allow them to do that.
I agree that we should flip the "allow move and resize" pref (bug 186708).
(In reply to comment #5) > http://www.siteadvisor.com/sites/drivecleaner.com/ points to > http://www.drivecleaner.com/.freeware/?p=43&ax=1&ex=1&ed=2&aid=coasteye_rdt&lid=infy > which does indeed resize the browser. It shows a fake WinXP-looking window, > dialog, *and* system tray notification bubble inside the browser content area. > Pretty nasty, but not exactly the same as what you described. My Comment back: You are right, the browser was resized. I followed your directions so that it could not be resized, and now the bug has changed names and is freezing the screen. I'll try and explain as clearly as I can. The bug has morphed to call itself Hard Drive Guard.com and is keeping me from going to any of my tabs. It is showing up in my address bar as: http://harddriveguard.com/clean/?tmn=es5&eai=1yingsir&eli=ff2s_ao_4055_0_164 (I'm unable to read the rest and cannot highlight or copy it in the address bar. In the bottom of my screen is a box with world mozilla icon and it says Error Detected-... also showing on left hand side of screen is "transferring data from harddriveguard.com..." though nothing seems actually to be transferring. In the very top of my frozen screen in the first line possible is another mozilla red world icon "Error Detected - Mozilla Firefox" I cannot go to my tabs I cannot input anything into the address space I cannot close out the tab I am able to use my start menu and can go to wordpad, etc. To use the web browser, I've gone to start menu and opened a second Mozilla Firefox. The bug seems to attack only one browser at a time. The second Mozill works and is not frozen. That is how I accessed the Yahoo mail. I notice that though I have six tabs on my home page, repeatedly one of them has a "problem loading" icon yellow triangle. When I tab to that one, the address bar will show my chosen site so I don't have to retype the url and only hit "enter" for the site to come up without problem. I don't know if it is related to the bug. However, on the browser which is frozen because of the bug, the tab I spoke about above is showing the proper url and it is the one next to it that says "error detected", so perhaps there is no relationship? I'm going to try and include a screen shot of the frozen browser homepage. (Appapparently, I cannot just copy and paste the screen shot here.) >
Use the "Add an attachment" link in the bug report to upload a screenshot. If it's only in your clipboard, turn it into a PNG by pasting it into MS Paint, selecting "Save As...", and selecting PNG from the type dropdown.
oh, jesse: In my case, I clicked cancel, and it took me to that page, I didn't click ok, but assume the same thing would have happened. I have been unable to reproduce, sadly.
Grey, The scanner2.malware pop up is coming from seekingalpha.com page. It is easily duplicated. The problem happens when you click on one of their articles, not any one in specific. It is a Firefox specific problem, i have tried to reproduce with IE7 and Opera and it does not happen. It is frustrating that this is happening from a legitimate site.
Well1 I totally missed it. Glad someone looked closer than I had. :)
Copied from the newsgroup: Gijs Kruitbosch wrote: > As a sidenote, it would be Nice, though presumably very hard, to have > the alert dialog not be modal with respect to the browser UI - just to > the website... Yes! This makes a lot of sense to me, but I don't see why it should be so hard. Currently the alert is a XUL window. Couldn't the nsIDOMWindow part temporarily supplant the tab's nsIDOMWindow in a modal fashion? Then the alert is physically attached to the page that creates it.
If all of the 'window' objects are within a single tab, all of the logic you outline is preserved. We know that because the modal alert derives from a time before tab browsing. So my comment 20 based in Gijs's suggestion stands: modality with respect to a tab/page is a good approach to this problem. If mozilla does indeed move to different processes, then this will be the natural solution. Else we need a fix.
Alerts are now content-modal since bug 59314 so this specific attack is no longer possible without the browser chrome being visible. A fix to bug 548777 would still be nice to have though. Thanks for the report.