Closed Bug 839470 Opened 12 years ago Closed 8 years ago

UnRedirectable Page by using onbeforeunload, setTimeout and a pop-up msg

Categories: Core :: DOM: Navigation, defect
Version: 10 Branch
Platform: x86_64 Linux
Type: defect
Priority: Not set
Severity: normal

Tracking: none

Status: RESOLVED DUPLICATE of bug 1263100

Reporter: soroush.dalili
Assignee: Unassigned

References: Blocks 1 open bug

Keywords: sec-low
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130109 Firefox/10.0.12
Build ID: 20130109015419

Steps to reproduce:

Several weeks ago, I had reported an interesting PoC via my Twitter in which I had created an unRedirectable web page: https://twitter.com/irsdl/status/294239415428067329

PoC link: http://0me.me/demo/mozilla/firefox/UnRedirectablePage.html

This works in Firefox and IE. Today, I accidentally saw several adverts which were exploiting this issue, and I thought it's better to report it via Bugzilla as well.

PoC of an advert: [UNSAFE LINK] http://internet-income-source.com/4/?aff_sub=38 [/UNSAFE LINK]

Actual results:

PoC:
1- Open the following link: http://0me.me/demo/mozilla/firefox/UnRedirectablePage.html
2- Type another URL in the address bar and hit enter.
3- Click on any links on the page.

Reason: The following script stops the page from being redirected:

    window.onbeforeunload = function(){
        // Unredirectable Page: the timer callback runs after this handler returns,
        // re-navigates to the current page and then blocks the thread with a modal.
        setTimeout("window.location=document.location;alert('delay by alert');",0);
    }

"alert()" can be replaced by similar functions such as "prompt", "ask for location", and so on.

Expected results:

It should redirect me to the new page.
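Added example, not part of the bug report or of Mozilla's code: since the reporter found this trick in live adverts, the practical question for anyone vetting ad creatives is how to spot the pattern in script text. The scanner below looks for the four ingredients described above (a beforeunload handler, a timer that defers the payload, a self-navigation, and a blocking dialog) with plain regular expressions, so it only catches unobfuscated code. The sample scripts, the verdict names and the helper names are all constructed for this example.

```javascript
// Added example, not from the bug report or from Mozilla: a heuristic scanner for
// the "unredirectable page" pattern described above (a beforeunload handler that
// uses a timer to re-navigate to the current page and then blocks with a dialog).
// It works on raw script text, so it only catches unobfuscated code, and is meant
// for triaging ad creatives or landing pages, not as an enforcement control.
// All sample scripts below are constructed for this example.

const PATTERNS = {
  // onbeforeunload = ... or addEventListener('beforeunload', ...)
  beforeunload: /\b(?:on)?beforeunload\b/i,
  // Deferring the payload out of the handler is what makes the trick work.
  timer: /\bset(?:Timeout|Interval)\s*\(/,
  // Blocking dialogs that stall the page while the self-navigation wins.
  dialog: /\b(?:alert|confirm|prompt)\s*\(/,
  // Assignment to location/location.href, or replace()/assign()/reload().
  selfNavigation:
    /\b(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign|reload)\s*\(/,
};

// Returns which patterns were seen and a coarse verdict:
//   'trap'       - all four ingredients present (the shape reported in this bug)
//   'suspicious' - beforeunload plus a dialog, or plus timer + self-navigation
//   'benign'     - anything else, including the usual unsaved-changes prompt
function scanScript(source) {
  const hits = {};
  for (const [name, re] of Object.entries(PATTERNS)) hits[name] = re.test(source);

  let verdict = 'benign';
  if (hits.beforeunload && hits.timer && hits.selfNavigation && hits.dialog) {
    verdict = 'trap';
  } else if (hits.beforeunload && (hits.dialog || (hits.timer && hits.selfNavigation))) {
    verdict = 'suspicious';
  }
  return { verdict, hits };
}

// Scan a map of name -> script text and return name -> verdict.
function scanAll(scripts) {
  const out = {};
  for (const [name, src] of Object.entries(scripts)) out[name] = scanScript(src).verdict;
  return out;
}

// Constructed samples (not real ad code).
const SAMPLES = {
  // The exact shape from the report: payload passed to setTimeout as a string.
  trapFromReport: `window.onbeforeunload = function(){
    setTimeout("window.location=document.location;alert('delay by alert');",0);
  }`,
  // Same idea with addEventListener, a function callback, reload() and confirm().
  trapVariant: `addEventListener('beforeunload', function () {
    setTimeout(function () { location.reload(); confirm('Stay on this page?'); }, 0);
  });`,
  // Dialog raised directly inside the handler, no timer: a weaker form.
  dialogOnly: `window.onbeforeunload = function () { alert('Wait!'); };`,
  // Legitimate unsaved-changes prompt: uses returnValue, no dialog call, no navigation.
  unsavedChanges: `window.addEventListener('beforeunload', function (e) {
    if (form.dirty) { e.preventDefault(); e.returnValue = ''; }
  });`,
  // Unrelated code that happens to use setTimeout and alert.
  unrelated: `setTimeout(function () { alert('hello'); }, 1000);`,
};

console.log(scanAll(SAMPLES));
```

Run it over the decoded creative and every inline or fetched script it loads, not just the landing page HTML. String-built calls such as `window['al'+'ert']` or payloads assembled inside `eval` will slip past these regexes, and the `suspicious` tier will include ordinary pages that use both a beforeunload handler and a dialog somewhere else, so treat that tier as a queue for manual review rather than a verdict. The user-side fix belongs in the browser; this bug is forward-duped to bug 1263100, which carries the discussion of a solution.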
Summary: UnRedirectable Page by using setTimeout and a pop-up msg → UnRedirectable Page by using onbeforeunload, setTimeout and a pop-up msg
Component: Untriaged → Document Navigation
Product: Firefox → Core
Sounds like kind of a DoS, so marking sec-low.
Keywords: sec-low
This has not had any update for a while. Can you please make it public so everyone can see the issue?
Sorry, wrong comment for this issue! This issue is already public, so it should be published.
Group: core-security → dom-core-security
Blocks: eviltraps
Group: dom-core-security
Bug 1263100 has a discussion about a solution, so forward-duping.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE