User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 Build ID: 20160105164030 Steps to reproduce: I've got node.js app. After the user want to leave the page, and socket connection is breaking, I quickly send the reconnect socket message. Some times, the next web site is loading, and then reconnected socket send the user back to the previos page. So, It is not unpopssible to leave the page, the only way to leave is closing the tab. Unpack files on your webserver with node js. Launch app. Goto webserver web adress. Try to enter another site adress in adress string and press enter. Actual results: Site refresh. Expected results: I should go to the site, which name I have entered in adress string.

What is the security issue that makes this a security issue, exactly?

I've made a demo from moz.zip attachment, to show you the problem. Please, go to http://193.124.178.97:3000/ and after that, enter some site (like google or mozilla) in adress string and press enter. The browser wouldn't allow you to go to this sites. I've tested this solution on windows and linux, and it's working well on both systems, and on every Ffox browser.

I can't reproduce using comment 2. (the navigation works fine for me). I'm going to refile this under navigation.. still not sure why this is a security bug.

This is not a security bug, sorry. t first a thought, that this socket opens after the page loads and have access to the new page.

*At first I thought

You can't reproduce this bug maybe because of timings. I've got setTimeout(go, 200); Now, I've changed it to setTimeout(go, 0); Another problem might be the server location (Russia, high ping relatively to you). For me, this example works quite nice. Please, try different sites. The bug is real. If it is neccesary, I could shot a video with with this issue

I can repro the issue in comment 2.. I'm not the right person to figure out if this is even a bug.. seems to just be calling location.reload constantly.

Yes, but this happens right after user enter site in adress bar and press enter. Only firefox behaves this way. And I guess this is not just about location.reload. This is about not connect socket handling. This situation happens only on socket disconnect event. Sometimes in Network tab you can see this: GET http://***:3000/socket.io/?EIO=3&transport=polling GET http://YOUR_SITE GET http://***:3000/socket.io/?EIO=3&transport=polling So there is something definitely wrong and incorrect.

I succeed to repeat the bug, but not every time. If a incoming packet is received, or is being receive, in time you go to an another website, the mechanism prevent the browser from quitting the page.

I can't reproduce this anymore. It just makes my content process a little slow. I tried reducing the timeout but that doesn't work either.