12 Years After It Was Notified, Firefox To Add Full Protection Against 'Login Prompt' Spam (zdnet.com) 24
Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites -- usually tech support scam sites -- from flooding users with non-stop "authentication required" login popups and prevent users from leaving or closing their browsers. From a report: The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser's stable branch sometimes in early July. According to Firefox engineer Johann Hofmann, starting with Firefox 68, web pages won't be allowed to show more than two login prompts. Starting with the third request, Firefox will intervene to suppress the authentication popup.
Mozilla previously shipped a fix for this issue, but it was incomplete, as it blocked authentication prompts that originated from subresources, such as iframes. This latest patch completes the fix by blocking all types of authentication required prompts -- including those generated by the site's main domain.
Mozilla previously shipped a fix for this issue, but it was incomplete, as it blocked authentication prompts that originated from subresources, such as iframes. This latest patch completes the fix by blocking all types of authentication required prompts -- including those generated by the site's main domain.
Funny thing (Score:4, Interesting)
I never see any of these pop-ups and I'm running FF 50 (I think) at home. Never had any problems.
I guess I'm not one checking out Bob's House of Free Software every day.
Re: Funny thing (Score:1)
Chrome and Edge are the worst offenders when hit by these login popovers. Not just shady porn sites, but also mainstream sites whose advertising service gets compromised. Slashdot had the problem for a while within the last year.
Re: (Score:1)
Re:Funny thing (Score:4, Insightful)
Or clicking random shared links on Facebook - this is the #1 way.
Re: (Score:1)
Re: (Score:1)
Re: Javascript in browsers: a bad idea from the st (Score:1)
Try umatrix it will give you control of what sites can load Scripts/images/frames/...
Get full control about your browser.
Maybe after 12 years (Score:3)
Microsoft OWA (Score:2)
This will be nice to get at work. There, Microsoft's Outlook Web Access constantly has bad authentication requests, but only on Firefox. Fortunately, I can tell which are the bad ones, because they say something like "the site says "mail.COMPANYNAME.com"". Entering a username/password never works, it just asks again, but cancelling makes the popup go away, for a time.
I'm not sure if it's a bug in OWA, or a misconfiguration made by the IT group. But they're very annoying and it's good to hear they might