Open Bug 550196 Opened 11 years ago Updated 2 years ago

Last Measure shock site now opens a new window and prevents closing it

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

People

(Reporter: marianalfred, Unassigned)

References

(Depends on 2 open bugs, Blocks 1 open bug)

Details

Attachments

(4 files)

Last Measure source code 2010-03-04
9.29 KB, text/plain
Details
testcase: keyboard shortcut interference
564 bytes, text/html
Details
testcase: one click opens many popups
369 bytes, text/html
Details
testcase: onkeydown popups
90 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTBDFff GTB7.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTBDFff GTB7.0

can anyone tell me whats this ?

Reproducible: Always
http://bit.ly/b81Sjx
Severity: normal → major
Visiting the link will open a window which takes over and cannot be closed. It appears to try and exploit a bunch of security flaws. Marking s-s for now since visiting the link will DOS your computer with NSFW stuff.
Group: core-security
It appears to be a redirect to http://lm.loldongs.eu/ aka Last Measure.  Last Measure is hardly secret.  See e.g. bug 349392.
Group: core-security
Summary: check this → Last Measure shock site now opens a new window and prevents closing it
Depends on: eviltraps
One of Last Measure's tricks is to pop up alerts when it thinks you're going for close-window shortcuts such as Ctrl+W or Alt+F4.  The original code was Windows/IE specific; here's a cleaned up version.

The solution here is bug 59314 or bug 61098.
well ctrl-w not works .. i tried and even after i force closed from tasks when i opened again firefox it start again
Given any opportunity to open popup browser windows -- such as a click anywhere in the page -- Last Measure will open SIXTEEN of them.  This is probably more than we should allow per click.
Filed bug 550238 for the popups-per-click issue.
I can't reproduce bsmedberg's experience, but that might be because I have Flash and Java disabled.
We already disallow these.  Go us.
Please test it in nightly 
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/

I think this is no longer an issue after Bug 61098 fix...
Status: UNCONFIRMED → NEW
Ever confirmed: true
Depends on: 599662
Depends on: 599667
You need to log in before you can comment on or make changes to this bug.