Bug 327310: Winfixer "pop-up" (resizeTo / moveTo / confirm) not blocked by Firefox
Status: RESOLVED DUPLICATE of bug 402401
Opened 19 years ago; closed 11 years ago
Categories: Firefox :: General, defect
People: Reporter: sichunlam, Unassigned
References: Depends on 1 open bug, Blocks 1 open bug
Keywords: csectype-spoof, sec-low
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
The following code cannot be blocked by Firefox's pop-up blocker. The only way to block the following pop-up is to turn off JavaScript (turn OFF move or resize window, etc.).
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Error Detected</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>
<body bgcolor="white">
<script>
w=window.screen.width;
h=window.screen.height;
resizeTo(10,10);
moveTo(w,h);
</script>
<script>
confirm("NOTICE: If your computer has errors in the registry database or file system, it could cause unpredictable or erratic behavior, freezes and crashes. \nFixing these errors can increase your computer's performance and prevent data loss.\n\n\Would you like to install WinFixer 2006 to check your computer for free? (Recommended)");
moveTo(0,0);
resizeTo(w,h);
document.location.href='index.php?aid=fastukcpp_uk_en_ed2&lid=rr&ex=1&p=&ax=1';</script>
<div style="display:none; ">
<img src="https://stats1.reliablestats.com/stats.php?site_id=winfixer&aid=fastukcpp_uk_en_ed2&lid=rr_ok_ca&ref=&lp=true" width="1" height="1">
</div>
</body>
</html>
Reproducible: Always
Steps to Reproduce:
1. It happens on websites which use affiliation/paid marketing services such as softwareprofit.com.
2. It launches a pop-up (or refreshes the page with a winfixer.com url - e.g. winfixer.com/download/2006/index.php?aid=fastukcpp_uk_en&lid=rr&ed=2&ex=1&ax=1).
3. It happens.
Actual Results:
Window resizes into what is essentially a pop-up window and generates new pop-ups through a JavaScript call.
Expected Results:
Pop-up should be blocked.
I suspect the only way to fix this problem (without disabling a huge number of sites by completely locking down JavaScript!) will be to form something permissions-based, by blocking sites like winfixer.com from being able to use JavaScript on a per-site basis.
Here is another example (with the text modified) to show that the problem lies with the JavaScript code.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Error Detected</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
</head>
<body bgcolor="white">
<script>
w=window.screen.width;
h=window.screen.height;
resizeTo(10,10);
moveTo(w,h);
</script>
<script>
confirm("WTF");
moveTo(0,0);
resizeTo(w,h);
document.location.href='about:mozilla';</script>
</body>
</html>
Comment 1 (Reporter) • 19 years ago
One might also wish to refer to the following posts on SpreadFirefox:
http://www.spreadfirefox.com/node/19920 - winfixer pop up?
http://www.spreadfirefox.com/node/17685 - Firefox Has Been Taken Over By Winfixer
Updated • 19 years ago
Blocks: popups
Summary: Pop-up blocker problem: Winfixer aggressive pop-up not blocked by Firefox → Winfixer "pop-up" (resizeTo / moveTo / confirm) not blocked by Firefox
Winfixer website seems to have been taken down; is there another site that shows this behaviour or a testcase?
Comment 3 • 17 years ago
There is one in the description. Here is a slightly different version (cross-platform, better HTML, window.location instead of document.location):
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Error Detected</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<script type="text/javascript" language="JavaScript">
w=window.screen.width;
h=window.screen.height;
resizeTo(10,10);
moveTo(w,h);
</script>
<script type="text/javascript" language="JavaScript">
confirm("WTF");
moveTo(0,0);
resizeTo(w,h);
// maybe "window.location.replace('about:mozilla');" would be better,
// doesn't break the back button, but not sure if it reproduces the bug
window.location.href='about:mozilla';</script>
</body>
</html>
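A defender's view of the testcases above, as an added example that is not part of the bug report or Mozilla's code: a static heuristic that flags inline scripts which shrink the window, move it, raise a blocking dialog, restore the window and then navigate, in that order. The function names, step names and both sample pages are assumptions made for illustration.

```javascript
// Added example: static heuristic for the shrink / move / modal / restore /
// redirect sequence in the testcases above. All names here are illustrative.

// Concatenate the bodies of inline <script> elements found in an HTML string.
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out.join("\n");
}

// Ordered steps of the pattern; each must appear after the previous one.
const STEPS = [
  ["shrink", /\bresizeTo\s*\(\s*\d{1,2}\s*,\s*\d{1,2}\s*\)/], // literal size under 100px
  ["move", /\bmoveTo\s*\(/],                                  // window repositioned
  ["dialog", /\b(?:confirm|alert|prompt)\s*\(/],              // blocking modal dialog
  ["restore", /\b(?:resizeTo|moveTo)\s*\(/],                  // window put back afterwards
  ["redirect", /\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/],
];

// Walk the steps in order and report how far the script gets through them.
function scanForWindowHijack(html) {
  const src = inlineScripts(html);
  const seen = [];
  let pos = 0;
  for (const [name, re] of STEPS) {
    const m = re.exec(src.slice(pos));
    if (m === null) break;
    seen.push(name);
    pos += m.index + m[0].length; // later steps must follow this match
  }
  return { suspicious: seen.length === STEPS.length, seen };
}

// Constructed sample, reduced from the testcase in comment 3.
const SAMPLE = `<html><body>
<script>w=window.screen.width;h=window.screen.height;resizeTo(10,10);moveTo(w,h);</script>
<script>confirm("WTF");moveTo(0,0);resizeTo(w,h);window.location.href='about:mozilla';</script>
</body></html>`;

// Constructed benign page: a confirm followed by navigation, no window games.
const BENIGN = `<html><body>
<script>if (confirm("Leave this page?")) { window.location.href = "/logout"; }</script>
</body></html>`;

console.log(scanForWindowHijack(SAMPLE), scanForWindowHijack(BENIGN));
```

The check only sees literal calls in inline scripts, so it suits triage of captured pages rather than enforcement; external or obfuscated scripts need a dynamic approach.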
Comment 4 • 15 years ago
This bug was reported on Firefox 2.x or older, which is no longer supported and will not be receiving any more updates. I strongly suggest that you update to Firefox 3.6.3 or later, update your plugins (flash, adobe, etc.), and retest in a new profile. If you still see the issue with the updated Firefox, please post here. Otherwise, please close as RESOLVED > WORKSFORME
http://www.mozilla.com
http://support.mozilla.com/kb/Managing+profiles
http://support.mozilla.com/kb/Safe+mode
Whiteboard: [CLOSEME 5-15-2010]
Version: unspecified → 1.5.0.x Branch
Comment 5 • 15 years ago
No reply, INCOMPLETE. Please retest with Firefox 3.6.3 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest Firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
Comment 6 • 11 years ago
Please don't be in such a hurry to mark security bugs as incomplete.
Status: RESOLVED → UNCONFIRMED
Keywords: csec-spoof, sec-low
Resolution: INCOMPLETE → ---
Whiteboard: [CLOSEME 5-15-2010]
Is this bug even still valid, or has its issue been resolved by the sands of time?
Updated • 11 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago → 11 years ago
Resolution: --- → DUPLICATE