Closed Bug 481473 Opened 14 years ago Closed 14 years ago

Annoying JavaScript exploit: Prevents the site / tab from being closed


(Firefox :: Security, defect)

Windows XP
Not set





(Reporter: codethief, Unassigned)




User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/2009021910 Firefox/3.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/2009021910 Firefox/3.0.7

ATTENTION: Don't open this page before you haven't read this!

The link above was posted in a forum by a spam bot. When opening it you have a gif animation of three gay old men and hear some melody. Ok, nothing wrong with that, just hit that x you think, right? But every time you try that a JS window pops up preventing you from closing the tab or window.
It's most annoying when having tab restoring activated, because killing the Firefox process and reopening it (i.e. restoring your tab collection), will have you sitting in front of this soft gay porn again. I was never able to close the tab before the page was loaded.
The way I eventually managed to deal with it was to not restore the tabs, disable JS first and then restore them. Advanced users will know how to deal with this, but I suppose normal ones won't. Those ones will rather not restore their tabs and therefore lose them.

Beat me, if you don't consider this a bug but I think there should be some prevention built in in Firefox.

Reproducible: Always

Steps to Reproduce:
Open the web page.
Actual Results:  

Expected Results:  

In the next version of Firefox (3.1) the "after crash recovery" screen will list all your tabs so you can close individual ones, rather than the current choice of all-or-nothing. Reopening all your tabs blindly can be OK if the bad tab crashed while loading (it won't be in the restore list) or if it's a random or media-generated crash. But as you discovered it's not a great solution for "trap" sites.

Beyond that there are other trap tricks hackers use.
Group: core-security
Closed: 14 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: eviltraps
You need to log in before you can comment on or make changes to this bug.