Bug 1312874: Using Modal http auth dialog to DoS browser
Status: Closed, RESOLVED DUPLICATE of bug 377496
Opened 8 years ago, closed 7 years ago
Categories: Firefox :: Security, defect, P3
People: Reporter: hwine, Unassigned, NeedInfo
Attachments: 1 file (deleted), text/plain
A friend stumbled on hlelo[.]com/<magic_path> from a link purporting to go to YouTube. It opens a page with scary stuff about your PC being damaged (even on a Mac) with a phone number to call - typical scam. However, the user can easily be trapped with no effective way to return to normal browser usage.
Can be reproduced in both Nightly (52), beta (50), and release (49) with new profile.
STR:
1. start browser with fresh profile
2. go to "bad url" (see attachment)
What Actually Happened:
- page is displayed with basic auth modal dialog
- submitting or dismissing leads to immediate re-display of basic auth dialog
- No normal menu options are available to restart in safe mode
- No option to close tab
- No option to close window
- Quitting firefox works, but site is immediately reloaded on restart
- No "normal" option to open 2nd window (but see below)
What I expected to happen:
- have some "obvious" way to close the offending tab, and return control of the browser to me.
Comment 1•8 years ago (Reporter)
Workarounds:
If you're lucky: keep submitting the basic auth dialog, and try to close the tab before the basic auth dialog re-appears.
Deterministic: disconnect from network; submit auth dialog; close tab; reconnect to network.
Comment 2•8 years ago
I've seen the likes of the reported issue before (different circumstances: malware-infected computer, different browser, I was attempting to clean it), so I won't try to replicate this, but I can confirm that this is a valid bug.
Component: Untriaged → Security
Comment 3•8 years ago
Too late for Firefox 52, mass-wontfix.
Updated•7 years ago
Blocks: eviltraps
Priority: -- → P3
Summary: DoS from Phishing Site - complicated workaround → Using Modal http auth dialog to DoS browser
Comment 4•7 years ago
The fix for this is eliminating the application-modal dialog (bug 613785)
Depends on: 613785
Updated•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Comment 6•6 years ago
cleaning per dupe
Has anyone achieved this?
An iframe with the evil web site cannot reproduce the bug.
Here is my code:
<iframe src='http://10.10.99.36:8000/116.html' width="0" height="0" scrolling="no">
</iframe>
If anyone has achieved this, please tell me.
Thanks in advance!
Flags: needinfo?(hell_test)