On going to this site, the browser minimized and an alert window popped up and gave a "You need to be scanned message"

RESOLVED INVALID

Status

()

Firefox
Security
--
major
RESOLVED INVALID
9 years ago
9 years ago

People

(Reporter: Daniel Lo, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

I was browsing the web and I encountered this site.  The code on the site minimized my browser window and popped up a window saying

[title] The page at http://antivirus20009-freescan.com says:

ATTENTION: If your computer is infected, you could suffer data loss, erratic PC behaviour, PC freezes and creahes.

Detect and remove viruses before they damage your computer!
Antivirus 2009 will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware

Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)

[ OK ] [ Cancel ]

End of alert box.

I killed firefox though the taskmanager and set about trying to file this bug report.

Please note that I have copied the "creahes" correctly, that is a mis spelling in the alert box.

Recap of important details.
1. A site minimized my browser without my interaction.
2. A pop window popped outside of the browser window.

Reproducible: Didn't try

Steps to Reproduce:
1.  Presumably visit the site above.

Sorry, I am to cowardly to revisit that site.
(Reporter)

Comment 1

9 years ago
Created attachment 329481 [details]
This is an image shot of the alert box.
Daniel - thank you for reporting this, and no need to worry about re-visiting it.  The site is a scam, it is attempting to convince you to install software that claims to keep you protected, but likely mostly exists as a way for its authors to make money.

It is unlikely, however, that the site has actually attacked you - it's just trying to scare you into installing their product.  Don't go back, and you should be fine.

Since there's no firefox bug here, I'm closing this report, but I understand why it might seem like there was.  You were right to be suspicious.
Group: security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
Can we get this site added to the list of sites about which FF warns users?
Both sites listed in the bug's URL field appear to be gone so I can't tell what they did, but javascript by default lets windows be moved and resized (in all browsers) and for pages to put up alerts. It should not allow the window to be completely minimized, but the minimum allowed size of 100x100 pixels probably hid behind the alert popup.

You can turn off window resizing/moving in the Firefox prefs. We tried making that the default but it broke some sites that relied on it that continued to work in that other browser so we had to back off.

Open the preferences/options dialog, select the "Content" tab, and to the right of the Javascript checkbox click the Advanced button. You'll get a list of checkboxes of things that have traditionally been allowed on the web. Some of them we've already unchecked for you, and you can uncheck the remaining options and generally not notice any sites breaking. If you do have problems you know where to restore those behaviors.
(Reporter)

Comment 5

9 years ago
Cool, when I get home I will make a note to submit this to lifehacker.com to spread the word.


TIA!

-daniel
You need to log in before you can comment on or make changes to this bug.