Infinite "Press OK" dialogs from bad advertisers are allowed to hijack Firefox. How do I stop them?
Some "nasty" advertisers use a popup dialog that says "Press OK to Continue" or something along those lines. I know the OK button will take an action I do not want to allow, but the advertiser is exploiting something in Firefox to infinitely generate new dialogs whenever one is closed, until I press OK. During this, the Firefox browser will not allow me to close the offending tab or the offending browser window, so my only escape is Task Manager. After this happens I cannot restore my previous session because that session contains the hijacker.
I have included a URL that generated a popup that had this behavior, but it may or may not show up repeatedly, and it appears plenty of other places online as well.
Please take action so that an open dialog cannot prevent a tab or browser being closed.
WARNING: Following link in "URL of affected sites" may result in unpleasant browser behavior as described above.
URL of affected sites
Chosen solution
There is a bug filed to prevent infinite loop alerts, and until it's fixed you can install https://addons.mozilla.org/en-US/firefox/addon/13176 which solves this.
Read this answer in context 👍 0All Replies (20)
If I try that link, I don't get any prompt. http://screencast.com/t/YTQ1MjdjZTIt
We'll need some more info about your Firefox setup. Go to Help > Troubleshooting Information, then click Copy all to Clipboard. Open a reply to this post, and go to Edit > Paste to paste the info from your Troubleshooting Information page.
Troubleshooting information is already included above :) I am able to click the [+] next to Troubleshooting Information and see it. Does it not appear for everyone?
Advertisers randomly rotate ads, so I am not sure how I can provide a link to a site that is guaranteed to show the behavior. The link I provided popped up several things, one of which was a pop-under with the nasty behavior.
To avoid a GIANT post I'll snip out the version, OS and plugins from troubleshooting info:
Firefox version
3.6.3
Operating system Windows 7
User Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Plugins: All-in-One Gestures 0.21.1 Cooliris 1.11.6 DownThemAll! 1.1.10 Java Console 6.0.18 Flagfox 4.0.5 DownloadHelper 4.7.3 Tab Mix Plus 0.3.8.3 WOT 20100503
The core issue is Firefox prevents closing any tabs or windows when a dialog is open, and "bad" advertisers use this to force the user to click OK on a JS popup. If I find a site that ALWAYS launches an ad that does this I'll try to bring it back here.
letslikeit.com is serving up advertisements from http://ads.lzjl.com/
You can "blacklist" that domain from being able to run JavaScripts in Firefox by using the YesScript addon. https://addons.mozilla.org/en-US/firefox/addon/4922/ The problem is that you will have to block every domain you come across that is doing ads that way.
Or you can install the Adblock Plus along with a Filterset subscription to block most advertisements. AdblockPlus https://addons.mozilla.org/firefox/1865/ Also, read this: http://adblockplus.org/en/getting_started
I know a lot of people won't agree with me on this, but I don't like the idea of ad-blockers. I think it directly impacts a lot of my favorite little sites' ability to support themselves. (Comics, artists, bloggers, all of the little guys who give the net its best free content.) A lot of those guys are going to significant expense and effort to maintain those sites and often not making much from it. Also, the offending ads don't come from those sites. They're very good about responding to complaints and sending bad advertisers packing.
Blocking domain by domain won't work because they will always just start popping up from a new domain. I highly doubt "lzjl.com" is the first nor the last domain that company will register.
I appreciate the advice but those are band-aid solutions to what seems like a D.O.S. vulnerability in Firefox. If one nasty advertiser can render an entire browser session useless with a silly JS popup, and force MOST users into clicking their malicious OK button to make it stop, isn't that a problem with the browser? And if the only reason it works is because the user cannot interact with a browser window after it has generated a JS popup, isn't that kind of silly?
I'm posting this here because it's been this way for years and years and I'm amazed this lowbrow technique is still allowed to succeed.
Chosen Solution
There is a bug filed to prevent infinite loop alerts, and until it's fixed you can install https://addons.mozilla.org/en-US/firefox/addon/13176 which solves this.
I've found a website that foils both adblock as well as this "infinite loop" add-in. The page is at http://quiznexus.com/areyouasexgod1981/index.php?web_id=5284&exitpops=true.
When I try to close this page, it brings up a dialog that says "IMPORTANT: You are almost finished: You haven't completed the quiz!" It gives me the option of clicking "OK," but I'll bet anything that if I click on it, it will take me to their website. When I close that dialog, it brings up another one that says "Are you sure you want to navigate away from this page?" There are OK and Cancel buttons, but I'm sure those don't work as promised either. When I close that dialog, I'm back to square one.
Why can't Firefox give me a way to force a window closed regardless of the scripting? (E.g., let me hold down the Shift key while clicking the close box to disable scripts and just close.)
Another potential fix would be to let me configure Firefox so that it always displays the "whoops, this is embarrassing" dialog upon startup. That's the ONLY way I've found to kill these pages.
This diabolical website is just as effective at tying up Internet Explorer too.
I'm on Firefox 3.6.8 on Windows Vista that's up-to-date with patches.
Set the pref browser.sessionstore.max_resumed_crashes to 0 on the about:config page to get the about:sessionrestore page immediately with the first restart after a crash has occurred or the Task Manager was used to close Firefox.
See:
https://wiki.mozilla.org/Session_Restore#Preferences http://kb.mozillazine.org/Browser.sessionstore.max_resumed_crashes
See also http://kb.mozillazine.org/Session_Restore#Firefox_keeps_crashing_after_restoring_a_session
Every single app that I have seen that does this minimizes the browser window to prevent you from closing its tab. How about making it impossible for a web page to affect the size of the browser window?
As mentioned above, the page opened a "modal dialog" that made it impossible to switch back to any other tab or to click on any menu options of the browser. How about closing this gaping security hole?
Best way that I have found to get around this annoying feature is as follows. From the menu select Tools / Options and then select the section Content and remove the check mark on Enable Java and finally click Ok. Since Java is now completely disabled you should be able to safely close the tab without the pesky message. Remember to replace the check mark on Enable Java to re-enable it. I have also opened a new browser window and dragged the offending tab to the new window and then closed that entire window session. Hope this provides some additional help!
You probably mean JavaScript.
To avoid confusion: http://kb.mozillazine.org/JavaScript_is_not_Java
THANK YOU....I spent all day trying to figure this out....it was so easy...thanks it worked..
Google Chrome gives a really neat way of taking care of infinite dialog loops. From the second dialog box onwards, Chrome includes a check box that says "Prevent this page from creating additional dialogs." A user has to just check this and close the dialog, then the user can simply close the tab.
I wish Firefox had a similar feature.
FYI: Firefox 4.0 will have a similar check box to prevent further alert pop-ups (current Minefield nightly build already have it)
do you have a link for the feature? i'd like to ask there that while people are working on the alert/prompt/confirm to not make it "modal" (lock firefox until closed), as it allows the page far more control over the way users interact with it. an example where it would bother me, is a site that prompt() for my email address, and i would like to go to another web site to supply me with a disposable address. BTW: chrome's implementation works when the alerts as below 999ms (upto 998ms) apart
- Bug 61098 – Exit all currently active scripts (allow aborting modal window.alert() loops in javascript (js))
- Bug 432687 – Protect users from Javascript trap websites
(please do not comment in bug reports)
Modified
Another aggravation I would like to control is the adds on the current page, not pop-ups but scripts running and slowing down my computer to the point I have to wait for control to be returned to me. Is there a way to stop these boxes?
AlertCheck: https://addons.mozilla.org/firefox/addon/13176/
I get the pop-up in the attached image.
disabling the java script really helped.
Application Basics
Name Firefox
Version 3.6.13
Profile Directory
Open Containing Folder
Installed Plugins
about:plugins
Build Configuration
about:buildconfig
Extensions
Name
Version
Enabled
ID
AVG Safe Search 9.0.0.872 true {3f963a5b-e555-4543-90e2-c3908898db71}
AVG Security Toolbar 6.010.006.004 true avg@igeared
PHPNukeEN Toolbar 2.6.0.15 true {dd02a4eb-4afd-4d60-99d8-e67f964ca813}
Get Styles 1.0.22 true {6236BA26-C117-4007-928C-DE0716C7FA80}
Usage Stat 1.0.5 true {6236BA26-C117-4007-928C-DE0716C7FA96}
FBFan 1.0.1 true {6236BA26-C117-4007-928C-DE0716C7FA99}
QAssistant 1.0 true {63414328-3ab4-2c84-6c41-5a473c4b2ff7}
My Web Search 1.1 true m3ffxtbr@mywebsearch.com
blackbackgroundlighttextpitchdar 1.0 false {6304da83-f525-40ac-869b-cd3d3406a1f7}
Jookz Toolbar 1.7 true jookztoolbar2@jookz.com
ResultUrl 1.0 true {C8431CD2-C25A-45F3-BEA9-A9103C31409A}
Modified Preferences
Name
Value
browser.history_expire_days.mirror 180
browser.places.smartBookmarksVersion 2
browser.startup.homepage http://www.google.com.my/firefox?client=firefox-a&rls=org.mozilla:en-US:official
browser.startup.homepage_override.mstone rv:1.9.2.13
browser.tabs.warnOnClose false
extensions.lastAppVersion 3.6.13
keyword.URL http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm676YYMY&ptb=YBXSh6pK6ib4nyi_2Wm59Q&psa=&ind=2011011308&pt…
network.cookie.prefsMigrated true
places.last_vacuum 1293017270
print.print_printer Canon iP1800 series
print.printer_Canon_iP1800_series.print_bgcolor false
print.printer_Canon_iP1800_series.print_bgimages false
print.printer_Canon_iP1800_series.print_command
print.printer_Canon_iP1800_series.print_downloadfonts false
print.printer_Canon_iP1800_series.print_edge_bottom 0
print.printer_Canon_iP1800_series.print_edge_left 0
print.printer_Canon_iP1800_series.print_edge_right 0
print.printer_Canon_iP1800_series.print_edge_top 0
print.printer_Canon_iP1800_series.print_evenpages true
print.printer_Canon_iP1800_series.print_footercenter
print.printer_Canon_iP1800_series.print_footerleft &PT
print.printer_Canon_iP1800_series.print_footerright &D
print.printer_Canon_iP1800_series.print_headercenter
print.printer_Canon_iP1800_series.print_headerleft &T
print.printer_Canon_iP1800_series.print_headerright &U
print.printer_Canon_iP1800_series.print_in_color true
print.printer_Canon_iP1800_series.print_margin_bottom 0.5
print.printer_Canon_iP1800_series.print_margin_left 0.5
print.printer_Canon_iP1800_series.print_margin_right 0.5
print.printer_Canon_iP1800_series.print_margin_top 0.5
print.printer_Canon_iP1800_series.print_oddpages true
print.printer_Canon_iP1800_series.print_orientation 0
print.printer_Canon_iP1800_series.print_pagedelay 500
print.printer_Canon_iP1800_series.print_paper_data 1
print.printer_Canon_iP1800_series.print_paper_height 11.00
print.printer_Canon_iP1800_series.print_paper_size_type 0
print.printer_Canon_iP1800_series.print_paper_size_unit 0
print.printer_Canon_iP1800_series.print_paper_width 8.50
print.printer_Canon_iP1800_series.print_reversed false
print.printer_Canon_iP1800_series.print_scaling 1.00
print.printer_Canon_iP1800_series.print_shrink_to_fit true
print.printer_Canon_iP1800_series.print_to_file false
print.printer_Canon_iP1800_series.print_unwriteable_margin_bottom 0
print.printer_Canon_iP1800_series.print_unwriteable_margin_left 0
print.printer_Canon_iP1800_series.print_unwriteable_margin_right 0
print.printer_Canon_iP1800_series.print_unwriteable_margin_top 0
privacy.sanitize.migrateFx3Prefs true
security.warn_entering_weak false
security.warn_viewing_mixed false