Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Leave page

more options

I have 2 question about Firefox and how it handles pop-ups an dpossible malware.

I made a screenshot of a pop-up you cannot get rid of unless you explicitly click 'Leave page' in its dialog box. This is because the popup implements the 'load before unload' code or something. I always assumed one should never click on any dialog message which derives from a pop-up/ad. Because you might unknowingly install malware by doing so. So I do understand this dialog belongs to FF or html5 or whatever and it should be dsafe. "should be safe"

Q1. Why the hell should I trust this 'Stay on Page - Leave Page' dilaog box above any other ones invoked by popups. I bet a hacker could easily remake this exact "Stay on Page, Leave Page" dialog but with an added malware surprise underneath the 'Leave Page' button. Or not?

So why the hell does FF or html bother me with such useless and stupid implementations?

Q2. what are the best online sites to check whether a pop-up address coantains malicious code or not? Virustotal only scans the first page, not the flash objects within a page.

I have 2 question about Firefox and how it handles pop-ups an dpossible malware. I made a screenshot of a pop-up you cannot get rid of unless you explicitly click 'Leave page' in its dialog box. This is because the popup implements the 'load before unload' code or something. I always assumed one should never click on any dialog message which derives from a pop-up/ad. Because you might unknowingly install malware by doing so. So I do understand this dialog belongs to FF or html5 or whatever and it should be dsafe. "should be safe" Q1. Why the hell should I trust this 'Stay on Page - Leave Page' dilaog box above any other ones invoked by popups. I bet a hacker could easily remake this exact "Stay on Page, Leave Page" dialog but with an added malware surprise underneath the 'Leave Page' button. Or not? So why the hell does FF or html bother me with such useless and stupid implementations? Q2. what are the best online sites to check whether a pop-up address coantains malicious code or not? Virustotal only scans the first page, not the flash objects within a page.

Chosen solution

You can attach images to a reply. Unfortunately, that is not yet integrated into the form for the original question.

What you are seeing is a dialog generated by a script that hooks into the "beforeunload" event. The reason for allowing sites to hook into that event is so they can warn you that you might lose some work or to offer you an incentive to stick around. On Google Groups, for instance, if you accidentally navigate away from a post you are composing, the site displays that dialog to make sure you really want to abandon your post.

But you're right that it can be hard to tell whether a dialog is a Firefox dialog or something displayed by the page. One possible way to distinguish between a standard dialog and an image or text posing as a dialog is to right-click and see whether you get a normal-looking context menu.

I don't know of any site that claims to evaluate the safety of scripts; would be interesting, but very difficult to automate. Particularly if sites have worked hard to obfuscate them...

In theory it would be possible to override the way these sites are doing it, i.e., by using an add-on to eliminate that part of the site's scripts when you load the page. Is there such an add-on? Hmmm...


edit ~J99

Also See

This was linked from Bug 636374 - Don't show multiple dialogs when a page has multiple frames with onbeforeunload #c5

At 1st January other recent threads and viewing counts to nearest 100

    100  WARNING FBI LOCKED BROWSER!!! /questions/981475                 
 9 300  How do I remove the fbi virus from firefox on my mac                   
    900  How do I get rid of the FBI virus on my Mac Air computer ?            
    500  How do I remove FBI scam from firefox?                                                 
    300   I had the fbi virus scam hit me and I have lost all my settings after resetting FF  
How can I report an attack site
Read this answer in context 👍 2

All Replies (8)

more options

I could not upload an image so I give you the urls to the popups instead:

http://www.beurvoorbeginners.com http://trendsystems.info/?id=153

more options

Suluhisho teule

You can attach images to a reply. Unfortunately, that is not yet integrated into the form for the original question.

What you are seeing is a dialog generated by a script that hooks into the "beforeunload" event. The reason for allowing sites to hook into that event is so they can warn you that you might lose some work or to offer you an incentive to stick around. On Google Groups, for instance, if you accidentally navigate away from a post you are composing, the site displays that dialog to make sure you really want to abandon your post.

But you're right that it can be hard to tell whether a dialog is a Firefox dialog or something displayed by the page. One possible way to distinguish between a standard dialog and an image or text posing as a dialog is to right-click and see whether you get a normal-looking context menu.

I don't know of any site that claims to evaluate the safety of scripts; would be interesting, but very difficult to automate. Particularly if sites have worked hard to obfuscate them...

In theory it would be possible to override the way these sites are doing it, i.e., by using an add-on to eliminate that part of the site's scripts when you load the page. Is there such an add-on? Hmmm...


edit ~J99

Also See

This was linked from Bug 636374 - Don't show multiple dialogs when a page has multiple frames with onbeforeunload #c5

At 1st January other recent threads and viewing counts to nearest 100

    100  WARNING FBI LOCKED BROWSER!!! /questions/981475                 
 9 300  How do I remove the fbi virus from firefox on my mac                   
    900  How do I get rid of the FBI virus on my Mac Air computer ?            
    500  How do I remove FBI scam from firefox?                                                 
    300   I had the fbi virus scam hit me and I have lost all my settings after resetting FF  
How can I report an attack site

Modified by John99

more options

Thank you sir for taking time to address my question.

In my 10 years of internet experience. I have only encountered malware and adware that uses this kind of function. And the recent hotmail/outlook has it's own code I believe written in AJAX which does a similar thing to warning you before you leave an unattended draft of your e-mail.

Only malware will use this function I believe to buy time so their malicious flash-object can load into the window to exploit un-updated flash playerson home computers.

My opinion is this 'event' is quite useless. Which you sir jscher2000 can do nothing about I fully understand ofcourse.

Modified by Anotheraccountyeehoo

more options

There may also be GreaseMonkey or Scriptish scripts that remove such onbeforeunload handlers.

Online email services are among the website that use such handlers to prevent you from losing text if you close a tab accidentally.

A possible bookmarklet to disable such handlers (works for me on the pages that you posted):

javascript:void(document.onbeforeunload=null);void(document.onunload=null);void(window.onbeforeunload=null);void(window.onunload=null);
more options

Having this problem, my fix is "end the task" and when the magic XUL "oops ..." page comes up, I uncheck the box for each offending web page. But the thing that really disturbs me is that this seems definitive proof that Mozilla answers to the gods of web page providers and just makes nice with us lowly users because we're to dumb to ... this is where I get hung up. Yes, microsoft wrote my operating system and Mozilla wrote both my browser software and my Email software. And let us not forget Intel and ecs and gigabyte and all the little pieces of hardware and software that were all created "out there". It seems obvious that microsoft, nor Mozilla, nor any other I've mentioned actually paid for this computer that I'm typing at. What I'm saying is that ownership should confer some responsibility on the manufacturer to make it more to the liking of the end user (yes, even if free). [[ sigh ]] Long winded way of saying, how come *they* have the right to annoy me with such a question, but I have no right to say "that question shall NOT exist on MY COMPUTER"? Why not? Because browsers are the way the public is sold TO the marketplace. The internet was usenet until Netscape (followed quickly by MS) invented the browser. Since then, I just know there's some fundamental understanding that somehow they dare not upset the system by, say, not allowing popunders. (BTW - go to your anti-virus software and disallow any web page that includes the word "popunder" from being loaded. It'll still be launched, but all content will have been blocked). Works easy with ESET, dunno about anything else. But if I don't want to allow popunders, what's so magical that the programmers cannot make them work exactly like popups and be just as easily blocked? That this power to lock up a whole tab / window exists and only *they* have ALL the power, really sort of irks me. How about we get to say "no, don't tell the next web site which web site I'm coming from". I can see why it might be useful TO THEM, but I make my decisions based upon what is useful to me. And right now I'm so ineffectual that I can only blow a big raspberry at Mozilla's "we're just so different from everyone else - because we care about YOU". Bull, give me control over what I see as well as don't see and then we'll talk. "nicer than most" can simply mean they pat you on the head on the way to the slaughterhous. In the moment, quite meaningful ... until an incident in which the software on MY PHYSICAL MACHINE turns traitor on me. Web page designers think they have the right to forbid "right-click-save" or even "marking text" on a web page to copy it. The right to shoot anyone coming onto your property disappears the moment you open a market and invite the public in. If *they* want to entice me into visiting them and bringing some of that home onto my computer ... well, luckily about the two things I mentioned don't keep me from saving the web page and then their hold is broken.... OK, ranted all this time and now I'm worn out. Railing against an unforgiving universe is always cathartic, but rarely helpful. pcG

more options

Hi pcGnome, I admit I didn't read all of that...,

A pop-under is basically a pop-up window, it's just that the script changes the window order so the pop-up is not in front. Firefox should treat them the same. Which is to say, imperfectly. The feature cannot block all new windows; the design is to allow new windows opened in response to a user action. Unfortunately, this allows pages to fake out the pop-up blocker in some cases.

more options

These sort of "helpful" pop-up boxes really burn me up. They are not helpful they are a down-right nuisance. Anyone who has logged a lot of hours on a computer doesn't need it. That's just about everybody under the age of 50 and most of those over 50 (at least in the "western" world). They are not necessary and I don't trust them now and I never will. Too easy to fake. I use task manager to kill firefox rather than click the buttons. Only problem is that it writes a java script file (sessionstore.js) to the default profile directory. Delete this and its backup file (sessionstore.bak) or the next time you open firefox - hello pop-up page.

more options

Hi coolooladreaming, I can suggest a workaround for session restore putting you back in a bad situation: turn off the automatic restore and display the list of windows and tabs so you can opt out of those you do not want to reload. Here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box in that tab, type or paste sess and pause while the list is filtered

(3) Double-click browser.sessionstore.max_resumed_crashes and change the 1 to a 0 (a zero) and OK that.

(4) You can close this tab now.