Closed Bug 1426931 Opened 7 years ago Closed 7 years ago

Stop sites from abusing the confirm repost dialog

Categories

(Firefox :: Security, defect)

57 Branch
defect
Not set
critical

RESOLVED DUPLICATE of bug 1412559

People

(Reporter: cdalxndr, Unassigned)

Attachments

(1 file)

(deleted), application/x-7z-compressed
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20171206182557

Steps to reproduce:

Access http://surfingdefenderext.biz/ff/
This is not my site. It is a malicious pop-up I encountered.
Press X for "Confirm", then "X" for "Authentication Required".

Actual results:

Stuck in Confirm dialog loop, and cannot close this tab, or any other tabs in this window.

Expected results:

After some confirms, the dialog should be blocked and a Firefox-specific confirmation message shown to allow or deny further dialogs.
Severity: normal → blocker
Attached file: Saved malicious web page (deleted)
Blocks: eviltraps
Severity: blocker → critical
Attachment #8938712 - Attachment mime type: text/html → application/x-7z-compressed
Component: Untriaged → Security
This and other variants of this page seem to be super popular at the moment. The page should not be able to trigger the repost confirm page repeatedly.

Last two days:
https://www.reddit.com/r/firefox/comments/7n9z7x/anyone_experienced_something_like_this_ad_is/
https://www.reddit.com/r/firefox/comments/7mu881/malicious_type_of_ad_renders_firefox_locked_and/

It seems like the code is supposed to only trigger that dialog for user-initiated, but the page seems to trigger it with an iframe that calls top.reload?
https://searchfox.org/mozilla-central/rev/5776cdf83b662f9333d9d20cfcb39119fa69678e/docshell/base/nsDocShell.cpp#11982
Flags: needinfo?(bzbarsky)
Summary: Malicious pop-up blocks all tabs in confirm loop → Stop sites from abusing the confirm repost dialog
Status: UNCONFIRMED → NEW
Ever confirmed: true
Fixed in 58 but we didn't dare the release uplift...
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(bzbarsky)
Resolution: --- → DUPLICATE
No longer blocks: eviltraps
Nice! So we only need bug 613785 now.
Yeah, ideally everything tracked in bug 616843 (and 432687, for that matter).
Still an issue with "https://helpfoxpro.com/update/". After closing the authentication dialog and moving the mouse to the upper side of page (trying to close it) it reappears and blocks whole window again. Firefox 59.0.3 (64bit)
(In reply to cdalxndr from comment #7)
> Still an issue with "https://helpfoxpro.com/update/".
> After closing the authentication dialog and moving the mouse to the upper
> side of page (trying to close it) it reappears and blocks whole window
> again.
> Firefox 59.0.3 (64bit)

Yup, that's bug 613785.
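
Added example, not part of the bug thread and not Firefox code: a simplified JavaScript model of the two mitigations discussed above, showing the repost confirmation only for a user-initiated reload and replacing repeated page-raised dialogs with a browser-owned allow/deny prompt. The class name, the threshold of 3 dialogs, the 10-second window and the event list are assumptions constructed for illustration.

```javascript
// Simplified model of a per-tab dialog gate (illustration only, not Firefox code).
const MAX_DIALOGS = 3;     // assumed: page-raised dialogs allowed per window
const WINDOW_MS = 10000;   // assumed: sliding window length in milliseconds

class DialogGate {
  constructor() {
    this.recent = [];      // timestamps of page-raised dialogs actually shown
    this.blocked = false;  // set once the user denies further dialogs
  }

  // Returns "show", "suppress", or "ask-user" (browser-owned allow/deny prompt).
  request({ kind, userInitiated = false, now }) {
    // Repost confirmation is only meaningful for a reload the user asked for;
    // a script-driven reload (e.g. from a frame) is dropped without prompting.
    if (kind === "repost-confirm") return userInitiated ? "show" : "suppress";
    if (this.blocked) return "suppress";
    this.recent = this.recent.filter((t) => now - t < WINDOW_MS);
    if (this.recent.length >= MAX_DIALOGS) return "ask-user";
    this.recent.push(now);
    return "show";
  }

  // Record the user's answer to the browser-owned prompt.
  answer(allowMore) {
    if (allowMore) this.recent = [];
    else this.blocked = true;
  }
}

// Replay constructed events through a fresh gate; the user answers every
// allow/deny prompt with `allowMore`.
function replay(events, allowMore) {
  const gate = new DialogGate();
  return events.map((e) => {
    const decision = gate.request(e);
    if (decision === "ask-user") gate.answer(allowMore);
    return decision;
  });
}

// Constructed sample: a page alternating scripted reloads and auth prompts,
// followed by one reload the user requested from the browser UI.
const SAMPLE = [
  { kind: "repost-confirm", now: 0 }, { kind: "auth", now: 100 },
  { kind: "repost-confirm", now: 200 }, { kind: "auth", now: 300 },
  { kind: "auth", now: 400 }, { kind: "auth", now: 500 },
  { kind: "auth", now: 600 },
  { kind: "repost-confirm", userInitiated: true, now: 700 },
];

console.log(replay(SAMPLE, false).join(", "));
```

In this model the user's own reload still gets its confirmation after the page's dialogs have been denied, so the throttle never removes the prompt that protects a real form resubmission.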