Possible security problem / javascript dialogs that hide firefox

RESOLVED DUPLICATE of bug 402401

Status

()

RESOLVED DUPLICATE of bug 402401
11 years ago
9 years ago

People

(Reporter: notify, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Build Identifier: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

I apologize if this is a dupe. I searched and couldn't find one like this.

I went to the site boards.thenest.com/boards/ShowPost.aspx?PostID=36130606 following a link on google. I was then redirected to http://performanceoptimizer.com/.landing/index.php?4656530f4a0653445b59165866474a6f540b6f500646560a43480b5a5b0a551f5f576d53563c06020c053d050a030d6f0352050c3d5756673a590b695559035f69096d070a520b69595e3d115842560d004355450d0b081e150556

The site hide my entire web browser and showed a single javascript popup; something to the effect of if you know if you're computer is secure. Clicking cancel brings the web browser back.

Subsequent visits wouldn't bring it up, so I'm guessing the advertising attempt is stored in a cookie and only happens once. I realize this is just advertising and simple javascript, but should javascript really be powerful enough to hide the entire web browser? I don't mind the annoying popups when trying to navigate away from the site because that functionality is necessary (e.g. making sure you don't navigate away from an unsaved document) , but the initial one, if you can reproduce it, seems like something that can be fixed / disabled. 

Feel free to mark as invalid. 

Reproducible: Sometimes

Steps to Reproduce:
1.
2.
3.

Updated

11 years ago
Component: Phishing Protection → Security
QA Contact: phishing.protection → firefox

Updated

11 years ago
Group: security

Comment 1

11 years ago
For me, loading the performanceoptimizer URL (with Options > Content > JavaScript > Advanced > "Allow scripts to: move or resize existing windows" checked) causes my browser window to fill the screen; it doesn't cause my browser window to become hidden.  I could imagine a site trying to hide the web browser behind an alert that way, though; see bug 402401 and bug 186708.

> I don't mind the annoying popups when trying to
> navigate away from the site because that functionality is necessary (e.g.
> making sure you don't navigate away from an unsaved document)

We actually do consider it to be a bug that web pages can put up prompts other than the "Are you sure you want to navigate away?" prompt using onunload and friends.  See bug 391834.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 402401
You need to log in before you can comment on or make changes to this bug.