448484 - Site badgers user with download dialog until user accepts malware or force-quits

Status: RESOLVED DUPLICATE of bug 61098

(Firefox :: Security, defect)

Description

[Joel Eidsath]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

The above URL (http://transcend-staging-1.com/default.html) is a spam link to a site that attempts to install malware on Firefox. It is able to lock up Firefox using Javascript and is also able to force an install of Yahoo Toolbar (https://addons.mozilla.org/en-US/firefox/addon/2032) without user permission. Has anyone verified that this addon actually comes from Yahoo? 

Reproducible: Didn't try

Comment 1

[Martijn Wargers (dead)]

The url is not working for me, I get "Access forbidden!".

Comment 2

[Joel Eidsath]

Try a Google search for "Watch Free Movie - Update Every Hour!" and you will come up with a number of sites infected by this. After clicking through the links for a while, I was able to find one that was still up halfway down Google's front page.

It appears that to get the Javascript loop started, you need to click the 'X' on the fake Windows window. The Javascript loop works in Linux, but the Yahoo toolbar was not installed. 

Comment 3

[Jesse Ruderman]

> Try a Google search for "Watch Free Movie - Update Every Hour!"

On one of these sites, I get a repeated alert() followed by a download dialog.  Not an insta-pwn, and pretty hard to prevent :(

Comment 4

[Daniel Veditz [:dveditz]]

dupe of bugs on letting users kill modal-dialog loops?