Closed Bug 251944 Opened 20 years ago Closed 12 years ago

Onunload can prevent user from navigating away from page (hijack browser tab, break back button)

Categories

(Core :: DOM: Events, defect)


RESOLVED DUPLICATE of bug 371360

People

(Reporter: andy_christ, Unassigned)

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2

Now first of all, I do NOT normally read this ****. Some retard suggested it to me. That said, I saw some stuff scarier than furry porno comic strips.

http://www.buzzweb.com/dustbunnies/

Near the bottom of the text block on top there is a link. Follow it:

http://www.buzzweb.com/dustbunnies/I%27m%20always%20working%20on%20improving%20my%20art%20and%20my%20bunnies%20will%20be%20back%20one%20day%20better%20then%20they%20were%20before,%20better,%20faster,%20stronger,%20six%20million%20dollar%20bunnies!%20But%20for%20now%20I%27m%20undertaking%20other%20characters%20other%20stories%20such%20as%20comics%20about%20a%20skunkette%20school%20an%20all%20girl%20school%20with%20very%20horny%20and%20immodest%20skunkettes.%20The%20other%20project%20is%20about%20two%20space%20vixens%20that%20use%20their%20sex%20appeal%20to%20save%20worlds%20and%20the%20occasional%20universe.%20And%20finally,%20a%20comic%20about%20sexy%20feline%20warriors%20who%20are%20defending%20themselves%20in%20their%20ravaged%20world%20destroyed%20by%20giant%20nasty%20monsters.%20All%20this,%20hopefully%20for%20me,%20will%20be%20found%20in%20comic%20books%20and%20not%20on%20the%20net.%20

and it will send you here:

http://66.250.173.108/search.php?query=sex&x=62&y=39

You can click on any of those links and you'll get a random porno page. What's interesting is if you try and go back. You will get a random porno page any time you try to go back past that first page of porn links. This happens if you go directly to the 66.250.173.108 link as well.

A random porno page will load every time you:

click the back button
right click the back button and select a previous page
try to go to a page in the history
try to load a bookmarked page
enter something in the URL field

Basically every time you try to leave the porno sites.

It does this with both Firefox 0.9.1 and 0.9.2, Mozilla 1.7, and with IE 6. (Except with IE, it also attempts to change the home page, opens popup windows, and tries to install stuff)

This is really damned annoying. I'm curious as to what they're doing, and what can be done to disable it without losing functionality.

Reproducible: Always

Steps to Reproduce:
1. Go to this page:
2. try going anywhere else, by any means (back button, bookmarks, url field)
3. watch as you get a random porno site instead

Actual Results:
It will load a random porno page each time you try to enter a URL in the URL field, go to a bookmarked page, or use the back button. (Although clicking on the back button really fast a few dozen times can get you out, if you then click it again, you'll just get another random porno page.)

Expected Results:
Allowed me to escape to some other page.

I'm using XP Home, I've tried this with Mozilla 1.7, Firefox 0.9.1 and 0.9.2, and IE 6. It happens with all of them.
Assignee: firefox → general
Component: General → Browser-General
Product: Firefox → Browser
QA Contact: firefox.general → general
Version: unspecified → 1.7 Branch
Pretty standard setup:

    function foo() { location = some_porn_site; }
    <body onunload="foo()">

I thought we had something in place to prevent this, no?
Not that I can remember...
Summary: Web page can completely hijack browser. Firefox versions .9.1 and .9.2 (at least) → Web page can completely hijack browser using onunload
Hmm, anyone know what the legitimate uses of code like this are?
Status: UNCONFIRMED → NEW
Ever confirmed: true
> Hmm, anyone know what the legitimate uses of code like this are?

There is none. The only possible legitimate use for onunload that I can think of is window cleanup (i.e. closing windows opened by the page). This could probably also be used for other things where the main window is interacting with other windows. Things like changing the location, or alerting you that you are leaving (some sites do this, although it is very very rare) are just annoying. Maybe if you are submitting credit card information, or waiting for a reply other functions used in an onunload event could be used to prevent complications, however you cannot cancel the unload, so I don't think there would be anything you can do to prevent that if the user leaves.

With recent and past security issues, maybe the capabilities of onunload should be restricted. This could include blocking writes to and changing the location for the window that is unloaded. Possibly even a pref that can completely disable the onunload handler could be included in Mozilla.
Attached file: Simplified testcase. (deleted)
Here's a non-pornographic testcase.
maggottmail-mozbugs@yahoo.com: it is possible for a site to cancel navigating away from a page, but not with onunload. You have to use the onbeforeunload event to do that, and the user gets a prompt asking if they really want to leave the page.
(In reply to comment #7)
> You have to use the onbeforeunload event to do that, and the user gets a prompt asking if they really want to leave the page.

Did you try it? It gives no message.
> You have to use the onbeforeunload event to do that, and the user gets a prompt asking if they really want to leave the page.

OK, I wasn't aware of that one.

> Did you try it? It gives no message.

You have to return a value with the handler (it appears any primitive data type or even null will work). For example:

    <body onbeforeunload="return false;">
Flags: blocking-aviary1.0?
There are now sites that use the "onunload" event to open pop-up windows when you close the window. Example: Open at least two tabs in firefox. In one tab type the url: http://www.desktopgirls.com/index4.html. Now close the tab with this site. You get two pop-up windows. If you have only one tab open and close the browser you will see no pop-ups.
Antonis: that's bug 259117, not this bug.
think we would need a patch and a lot of trunk testing to do more here for 1.0. renominate if that happens.
Flags: blocking-aviary1.0? → blocking-aviary1.0-
*** Bug 261104 has been marked as a duplicate of this bug. ***
There is yet one interesting thing. The code included below opens a new window if there are other tabs open, and the tab containing the script is closed. (Firefox PR 0.10.1)

    <html>
    <head>
    <title>Test</title>
    <SCRIPT language=JavaScript>
    <!--
    function u() { window.open("http://some.url.here/","") }
    // -->
    </SCRIPT>
    </head>
    <body OnBeforeUnload="u()" OnUnload="u()">
    </body>
(In reply to comment #14)
> There is yet one interesting thing. The code included below opens a new window if there are other tabs open, and the tab containing the script is closed. (Firefox PR 0.10.1)

That was fixed in bug 260385.
*** Bug 264735 has been marked as a duplicate of this bug. ***
Summary: Web page can completely hijack browser using onunload → Onunload can prevent user from navigating away from page (hijack browser tab)
Product: Browser → Seamonkey
Component: General → DOM: Events
Product: Mozilla Application Suite → Core
Summary: Onunload can prevent user from navigating away from page (hijack browser tab) → Onunload can prevent user from navigating away from page (hijack browser tab, break back button)
Blocks: backtraps
Depends on: CVE-2007-1095
Assignee: general → nobody
OS: Windows XP → All
QA Contact: general → events
Hardware: PC → All
Version: 1.7 Branch → Trunk
Flags: in-testsuite?
You can still use it to open alerts. http://www.internetisseriousbusiness.com/ (code saved if the page goes away). Basically it is this:

    <body onbeforeunload="for(x in neva.split('\n')){ alert(neva.split('\n')[x]); } return false;">

I think it should be possible to forcefully close tabs. If you right-click on an unfocused tab you get the "Close tab" item. It closes the still focused tab (which is misleading for me). Either close the clicked tab forcefully or offer such an option.
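The three handler shapes quoted in this bug (a location assignment, window.open, and alert calls inside onunload/onbeforeunload) can be triaged in page source with a small scanner. This is an added example, not part of the original bug or of Mozilla's code; scanUnloadHandlers, functionBody and RISKY are hypothetical names, and the matching is regex-based rather than a full HTML/JS parse:

```javascript
// Added example: flag inline unload handlers that navigate, open windows or
// raise dialogs. Regex triage over page source, not a full HTML/JS parser.
const RISKY = [
  { name: "navigation", re: /\blocation(?:\.href)?\s*=[^=]|\blocation\.(?:replace|assign)\s*\(/ },
  { name: "window.open", re: /\bwindow\.open\s*\(|(?<![\w.$])open\s*\(/ },
  { name: "dialog", re: /\b(?:alert|confirm|prompt)\s*\(/ },
];

// Return the body of `function name(...) { ... }` defined anywhere in the
// page, or "" when the page defines no such function.
function functionBody(html, name) {
  const safe = name.replace(/\$/g, "\\$&"); // `$` is the only regex-special identifier char
  const m = new RegExp("function\\s+" + safe + "\\s*\\([^)]*\\)\\s*\\{").exec(html);
  if (!m) return "";
  const start = m.index + m[0].length;
  let depth = 1, i = start;
  while (i < html.length && depth > 0) {
    if (html[i] === "{") depth++;
    else if (html[i] === "}") depth--;
    i++;
  }
  return html.slice(start, i - 1);
}

function scanUnloadHandlers(html) {
  const findings = [];
  const attr = /\bon(beforeunload|unload)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  let m;
  while ((m = attr.exec(html)) !== null) {
    const code = m[2] !== undefined ? m[2] : m[3];
    // Follow one level of calls into functions defined on the same page,
    // so <body onunload="foo()"> is judged by what foo() does.
    let reachable = code;
    for (const call of code.matchAll(/([A-Za-z_$][\w$]*)\s*\(/g)) {
      reachable += "\n" + functionBody(html, call[1]);
    }
    const risks = RISKY.filter((r) => r.re.test(reachable)).map((r) => r.name);
    if (risks.length > 0) {
      findings.push({ event: "on" + m[1].toLowerCase(), risks });
    }
  }
  return findings;
}
```

A handler that only does cleanup, such as saving a draft, produces no finding; handlers registered with addEventListener are outside what this scanner sees.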
Volkmar, please file that as a separate bug. It's likely to require a separate fix.
FYI; Filed enhancement bug: 391834 Thanks.
It is not quite clear to me what the STR are on this one, but no matter how many times I click on "Disable onunload event" on the attachment in comment #6 the back button doesn't break using

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a5pre) Gecko/20100505 Minefield/3.7a5pre ID:20100505040145

I would say this WFM based on that. Can anyone please clarify?
I think that this bug has been long since fixed (see the link to CVE-2007-1095 listed at the top) and I'm surprised that this hasn't been closed. I'm going to remove myself from the CC list anyway...
This was fixed by disallowing navigation during unload in bug 371360.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
No longer blocks: backtraps
No longer depends on: CVE-2007-1095
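The resolution above, disallowing navigation during unload, can be illustrated with a simplified model of a tab. This is an added example, not Gecko code and not part of the original bug; the Tab class, its navigate method, the blockNavigationDuringUnload switch and the example URLs are all hypothetical or constructed:

```javascript
// Simplified model of a browser tab (added illustration, not Gecko code).
// Tab, navigate and blockNavigationDuringUnload are hypothetical names.
class Tab {
  constructor(url, { blockNavigationDuringUnload }) {
    this.url = url;
    this.onunload = null;   // handler installed by the current page
    this.inUnload = false;  // true while the unload handler is running
    this.pending = null;    // navigation the tab will commit next
    this.blocked = [];      // navigations refused during unload
    this.blockNavigationDuringUnload = blockNavigationDuringUnload;
  }

  // Entry point for both the user (URL bar, back button, bookmark)
  // and page script (assigning to location).
  navigate(target) {
    if (this.inUnload && this.blockNavigationDuringUnload) {
      this.blocked.push(target); // script tried to redirect while leaving
      return;
    }
    if (this.inUnload) {
      this.pending = target;     // old behaviour: script overrides the user
      return;
    }
    this.pending = target;
    const handler = this.onunload;
    this.inUnload = true;
    try {
      if (handler) handler(this); // fire unload for the outgoing page
    } finally {
      this.inUnload = false;
    }
    this.url = this.pending;      // commit whichever navigation won
    this.pending = null;
    this.onunload = null;         // handlers die with the old document
  }
}

// Constructed trap page: its unload handler redirects, like the
// "standard setup" quoted earlier in this bug.
function visitTrapThenLeave(blockNavigationDuringUnload) {
  const tab = new Tab("http://trap.example/", { blockNavigationDuringUnload });
  tab.onunload = (t) => t.navigate("http://trap.example/random");
  tab.navigate("http://user-choice.example/");
  return { url: tab.url, blocked: tab.blocked };
}
```

With the switch off, the tab ends up on the page chosen by the unload handler; with it on, the user's destination is committed and the handler's attempt is only recorded.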