Closed Bug 1612533 Opened 5 years ago Closed 4 years ago

Report Deceptive side 2020-01-31 website run out

Categories

(Toolkit :: Safe Browsing, defect, P2)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1263100
Tracking Flags:
Tracking Status
firefox72 --- wontfix
firefox73 --- wontfix
firefox74 --- wontfix

People

(Reporter: uskolor, Unassigned)

Details

Attachments

(1 obsolete file)

Attached image 1.jpg (obsolete) (deleted) —

User Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0

Steps to reproduce:

Hello I can notices when I want report Report Deceptive side Firefox can report it .Website run out .Not only for this website .
1.https://takeyoursexcontact1.com/?u=kr5kae3&o=c4bppz0
2.https://takeyoursexcontact1.com/?u=kr5kae3&o=c4bppz0&x=3

Actual results:

Website run away when I want report it.

Expected results:

I should report website and Firefox not allow website run out.

Hi,

I was able to reproduce this issue on Windows 10 with Firefox version Nightly 74.0a1 (2020-02-04) (64-bit) - Beta 73.0 (64-bit) - Release 72.0.2 (64-bit). Marking those flags as affected.
Also I'm setting status to NEW and component to Toolkit - Safe Browsing for someone to take a look at this.

Status: UNCONFIRMED → NEW
status-firefox72: --- → affected
status-firefox73: --- → affected
status-firefox74: --- → affected
Component: Untriaged → Safe Browsing
Ever confirmed: true
Product: Firefox → Toolkit
Version: 72 Branch → Trunk

Thanks you .Sorry for this disgusting picture .but any another website I have seen Firefox can't report some website.

Priority: -- → P2
Severity: normal → S3

Still not fix.This website you can't submit as Deceptive side.This website do not allow Firefox.

This bug happens because when we report deceptive site, Firefox tries to close the original website and then switch the reporting page.
However, the website calls setTimeout to change its window.location.href before unload (onbeforeunload), the network request to the reporting page is then canceled. The URL is set to the new URL in the settimeout function.

POC is here: https://dimidl.github.io/bug/bug_1612533.html

Comment on attachment 9123813 [details] 1.jpg Since we have POC in Comment 4, I'll just obsolete this attachment
Attachment #9123813 - Attachment is obsolete: true

Hi johannh,
I would like to know if you have any comment on how we can deal with this because I feel this is a bit like evil trap?

Flags: needinfo?(jhofmann)

Website smarter then Firefox code .how to deal with it.Just removed this Bug .And you 'll have free time.!!

johannh will be out for a while.
christoph, can you help take a quick look on Comment 4 and let me know if you have any suggestion, or do you know who might have experience on how to deal with this? thanks!

Flags: needinfo?(jhofmann) → needinfo?(ckerschb)

Usually I would ni? Gijs, but he is out currently.

I know that Paul has been dealing with evil traps maybe he has come across similar problems and can help us out.

Paul, have you seen something like this before?

Flags: needinfo?(ckerschb) → needinfo?(pbz)

Yes, this has been an issue for a while. Bug 1263100.
Prevents the user from both navigating via the url bar and reporting the site via the menu. Requires user interaction to work though.

Flags: needinfo?(pbz)
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: