搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Are you developing a defense against malicious use of site-generated error messages (as examplified by the [rather harmless] hurr-durr.com)?

  • 4 回覆
  • 3 有這個問題
  • 1 次檢視
  • 最近回覆由 danbae

more options

If you enter the hurr-durr.com website, it will demonstrate how messages generated by a specific website can be used to paralyse the web browser such that you will need to quit your browser and restart it. Basically, any action from the user (such as trying to close the tab used by hurr-durr.com) is met with a nonsense message and no other response (tab remains open). Shouldn't there be some kind of defense against this? hurr-durr is rather daft and harmless but I can imagine that this loophole can be used for more sinister purposes.

If you enter the hurr-durr.com website, it will demonstrate how messages generated by a specific website can be used to paralyse the web browser such that you will need to quit your browser and restart it. Basically, any action from the user (such as trying to close the tab used by hurr-durr.com) is met with a nonsense message and no other response (tab remains open). Shouldn't there be some kind of defense against this? hurr-durr is rather daft and harmless but I can imagine that this loophole can be used for more sinister purposes.

所有回覆 (4)

more options

It relies upon JavaScript, you can use the NoScript add-on to prevent that sort of site from working. NoScript by default blocks all JavaScript and lets you specify what sites you want JavaScript to work on.

more options

Thank you for a prompt reply. It was very helpful. But since a lot of websites use Javascripts, maybe there will be a lot of extra handling. Also you can't know in advance which scripts will be malicious. Ideally you would like something that stops javascripts from doing certain things, like preventing the closing of a page. Maybe that is very difficult.

more options

The next Firefox 4.0 version will have a check box on such alert messages to prevent further alerts from appearing.

See also:

more options

That sounds like a straightforward and useful remedy. Very much looking forward to that.