Closed Bug 550196 Opened 15 years ago Closed 4 years ago

Last Measure shock site now opens a new window and prevents closing it

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: marianalfred, Unassigned)

References

(Depends on 2 open bugs)

Details

Attachments

(4 files)

Last Measure source code 2010-03-04
9.29 KB, text/plain
Details
testcase: keyboard shortcut interference
564 bytes, text/html
Details
testcase: one click opens many popups
369 bytes, text/html
Details
testcase: onkeydown popups
90 bytes, text/html
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTBDFff GTB7.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTBDFff GTB7.0 can anyone tell me whats this ? Reproducible: Always
http://bit.ly/b81Sjx
Severity: normal → major
Visiting the link will open a window which takes over and cannot be closed. It appears to try and exploit a bunch of security flaws. Marking s-s for now since visiting the link will DOS your computer with NSFW stuff.
Group: core-security
It appears to be a redirect to http://lm.loldongs.eu/ aka Last Measure. Last Measure is hardly secret. See e.g. bug 349392.
Group: core-security
Summary: check this → Last Measure shock site now opens a new window and prevents closing it
Depends on: eviltraps
One of Last Measure's tricks is to pop up alerts when it thinks you're going for close-window shortcuts such as Ctrl+W or Alt+F4. The original code was Windows/IE specific; here's a cleaned up version. The solution here is bug 59314 or bug 61098.
well ctrl-w not works .. i tried and even after i force closed from tasks when i opened again firefox it start again
Given any opportunity to open popup browser windows -- such as a click anywhere in the page -- Last Measure will open SIXTEEN of them. This is probably more than we should allow per click.
Filed bug 550238 for the popups-per-click issue.
I can't reproduce bsmedberg's experience, but that might be because I have Flash and Java disabled.
We already disallow these. Go us.
Please test it in nightly http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ I think this is no longer an issue after Bug 61098 fix...
Status: UNCONFIRMED → NEW
Ever confirmed: true
Depends on: 599662
Depends on: 599667
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: