Slashdot Mirror


Malicious Sites Abuse 11-Year-Old Firefox Bug That Mozilla Failed To Fix (zdnet.com)

Malware authors, ad farmers, and scammers are abusing a Firefox bug to trap users on malicious sites. From a report: This wouldn't be a big deal, as the web is fraught with this kind of malicious site, but these websites aren't abusing some new never-before-seen trick, but a Firefox bug that Mozilla engineers appear to have failed to fix in the 11 years ever since it was first reported back in April 2007. The bug narrows down to a malicious website embedding an iframe inside their source code. The iframe makes an HTTP authentication request on another domain.

[...] For the past few years, malware authors, ad farmers, and scammers have been abusing this bug to lure users on sites where they show all sorts of nasties, such as tech support scams, ad farms that reload the page with new ads in a loop, pages that push users to buy fake gift cards, or sites that offer malware-laced software updates. Whenever users try to leave, the owners of these shady sites trigger the authentication modal in a loop.
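A defender-side check for the pattern the report describes, as an added example that is not code from ZDNet, Mozilla or the Slashdot post: given a page's HTML, it lists iframes pointing at another origin and flags those whose response is a 401 with a WWW-Authenticate header, the combination that makes the browser raise the HTTP authentication modal. The page URL, the fetch callback and the sample responses are constructed assumptions, not real sites.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def origin(url):
    """(scheme, host, port) of a URL, with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def cross_origin_iframes(page_url, html):
    """Absolute src URLs of iframes whose origin differs from the page's."""
    collector = _IframeCollector()
    collector.feed(html)
    page_origin = origin(page_url)
    resolved = (urljoin(page_url, src) for src in collector.sources)
    return [u for u in resolved if origin(u) != page_origin]

def is_auth_challenge(status, headers):
    """True when a response makes the browser show an HTTP auth prompt."""
    return status == 401 and any(k.lower() == "www-authenticate" for k in headers)

def find_auth_trap_frames(page_url, html, fetch):
    """Cross-origin iframes whose response is a 401 challenge.
    fetch(url) -> (status, headers) is supplied by the caller (assumed API)."""
    return [u for u in cross_origin_iframes(page_url, html)
            if is_auth_challenge(*fetch(u))]

# Constructed sample (not a real site): one same-origin frame, one
# cross-origin frame answering 401 with a challenge, one plain ad frame.
SAMPLE_PAGE = "https://site.example/landing"
SAMPLE_HTML = ('<iframe src="/ad"></iframe>'
               '<iframe src="https://auth.example.net/"></iframe>'
               '<iframe src="https://cdn.example.org/ad"></iframe>')
SAMPLE_RESPONSES = {"https://auth.example.net/": (401, {"WWW-Authenticate": "Basic"}),
                    "https://cdn.example.org/ad": (200, {"Content-Type": "text/html"})}

def sample_fetch(url):
    return SAMPLE_RESPONSES.get(url, (404, {}))
```

Running `find_auth_trap_frames(SAMPLE_PAGE, SAMPLE_HTML, sample_fetch)` returns only the frame that answers with the challenge; a real scanner would swap in its own HTTP client for `sample_fetch`.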

1 of 91 comments

  1. Re:abusing a Firefox bug to trap users on maliciou by Anonymous Coward · · Score: 0, Flamebait

    You, those Modal dialog boxes have a strange history. True story to the best of my memory.

    When Apple was developing the original Macintosh, they didn't have that "feature" in their (primitive)
    GUI library at the time. But, outside developers cried that they couldn't "make things work" w/o
    a modal programming model (remember the time, and Apple's development platform was Pascal)
    so Apple reluctantly added it. Apple really, really wanted developers to program non-modal dialogs,
    and caved. I don't blame Apple for this as it really wasn't much extra effort to manage a non-modal
    dialog at the time (remember things weren't multi-threaded and everything was serialized through
    the "waitNextEvent()" API (or whatever it was called) anyway).

    So, Apple is where the modal dialog started its life (I don't know if it was an Apple invention, but
    they made it mainstream). That and the adoption of the C++ language as a serious development
    platform are the bane of sound, maintainable software development around the world.
