Closed
Bug 608629
Opened 14 years ago
Closed 14 years ago
Modal Dialogs are a Malware Vector
Categories
(Firefox :: General, defect)
Tracking
()
People
(Reporter: eric.kolotyluk, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b6) Gecko/20100101 Firefox/4.0b6 Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b6) Gecko/20100101 Firefox/4.0b6 Numerous malware web sites open a modal dialog prompting the user to run/install some software. Often this is disguised as a dialog that will play music or a video, or some other function. If you try to close the dialog box it will reappear almost instantly, giving you no time to close the tab running the dialog. Because this is a modal dialog the entire Firefox UI is frozen out. The only recourse is to kill Firefox with the Windows Task Manager. This is extremely inconvenient and should not be necessary. When this happens often enough, it is easy to forget to kill Firefox with the task manager, and be duped into running/installing the malware on your computer. Being duped this way caused Rougue:Win32FakeRean to be installed on my computer recently. I should have know better, but this annoying design defect in Firefox caused me to be duped anyway because I was frustrated by Firefox's behavior and I was not thinking clearly. I cannot think of any reason that modal dialogs should ever be allowed in Firefox. In particular, no website should ever be allowed to compromise Firefox by being able to run a modal dialog. Reproducible: Always Actual Results: A web site opens a modal dialog. The only way to remove the modal dialog is to terminate Firefox with the Windows Task Manager Expected Results: When a dialog appears as a result of opening a web site, it should be possible to simply close the tab containing the web site, in order to make the dialog go away permanently.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•