Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Mozilla Firefox Privacy Security IT Technology

12 Years After It Was Notified, Firefox To Add Full Protection Against 'Login Prompt' Spam (zdnet.com) 24

Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites -- usually tech support scam sites -- from flooding users with non-stop "authentication required" login popups and prevent users from leaving or closing their browsers. From a report: The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser's stable branch sometimes in early July. According to Firefox engineer Johann Hofmann, starting with Firefox 68, web pages won't be allowed to show more than two login prompts. Starting with the third request, Firefox will intervene to suppress the authentication popup.

Mozilla previously shipped a fix for this issue, but it was incomplete, as it blocked authentication prompts that originated from subresources, such as iframes. This latest patch completes the fix by blocking all types of authentication required prompts -- including those generated by the site's main domain.

This discussion has been archived. No new comments can be posted.

12 Years After It Was Notified, Firefox To Add Full Protection Against 'Login Prompt' Spam

Comments Filter:
  • Funny thing (Score:4, Interesting)

    by smooth wombat ( 796938 ) on Friday April 05, 2019 @03:57PM (#58391906) Journal

    I never see any of these pop-ups and I'm running FF 50 (I think) at home. Never had any problems.

    I guess I'm not one checking out Bob's House of Free Software every day.

    • by Anonymous Coward

      Chrome and Edge are the worst offenders when hit by these login popovers. Not just shady porn sites, but also mainstream sites whose advertising service gets compromised. Slashdot had the problem for a while within the last year.

    • by Anonymous Coward
      I don't believe you exist. Everyone watches porn at one point or another and lands on one of these sites. Begone from here!!!
    • Re:Funny thing (Score:4, Insightful)

      by omnichad ( 1198475 ) on Friday April 05, 2019 @04:30PM (#58392050) Homepage

      Or clicking random shared links on Facebook - this is the #1 way.

  • by xack ( 5304745 ) on Saturday April 06, 2019 @01:23AM (#58393444)
    Mozilla will admit that removing XUL was a mistake. Until then, there are the usual forks to use.
  • This will be nice to get at work. There, Microsoft's Outlook Web Access constantly has bad authentication requests, but only on Firefox. Fortunately, I can tell which are the bad ones, because they say something like "the site says "mail.COMPANYNAME.com"". Entering a username/password never works, it just asks again, but cancelling makes the popup go away, for a time.

    I'm not sure if it's a bug in OWA, or a misconfiguration made by the IT group. But they're very annoying and it's good to hear they might

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...