Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

Are you developing a defense against malicious use of site-generated error messages (as examplified by the [rather harmless] hurr-durr.com)?

  • 4 wótegrona
  • 3 maju toś ten problem
  • 1 naglěd
  • Slědne wótegrono wót danbae

more options

If you enter the hurr-durr.com website, it will demonstrate how messages generated by a specific website can be used to paralyse the web browser such that you will need to quit your browser and restart it. Basically, any action from the user (such as trying to close the tab used by hurr-durr.com) is met with a nonsense message and no other response (tab remains open). Shouldn't there be some kind of defense against this? hurr-durr is rather daft and harmless but I can imagine that this loophole can be used for more sinister purposes.

If you enter the hurr-durr.com website, it will demonstrate how messages generated by a specific website can be used to paralyse the web browser such that you will need to quit your browser and restart it. Basically, any action from the user (such as trying to close the tab used by hurr-durr.com) is met with a nonsense message and no other response (tab remains open). Shouldn't there be some kind of defense against this? hurr-durr is rather daft and harmless but I can imagine that this loophole can be used for more sinister purposes.

Wšykne wótegrona (4)

more options

It relies upon JavaScript, you can use the NoScript add-on to prevent that sort of site from working. NoScript by default blocks all JavaScript and lets you specify what sites you want JavaScript to work on.

more options

Thank you for a prompt reply. It was very helpful. But since a lot of websites use Javascripts, maybe there will be a lot of extra handling. Also you can't know in advance which scripts will be malicious. Ideally you would like something that stops javascripts from doing certain things, like preventing the closing of a page. Maybe that is very difficult.

more options

The next Firefox 4.0 version will have a check box on such alert messages to prevent further alerts from appearing.

See also:

more options

That sounds like a straightforward and useful remedy. Very much looking forward to that.