12 Years After It Was Notified, Firefox To Add Full Protection Against ‘Login Prompt’ Spam

Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites — usually tech support scam sites — from flooding users with non-stop “authentication required” login popups and prevent users from leaving or closing their browsers. From a report: The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser’s stable branch sometimes in early July. According to Firefox engineer Johann Hofmann, starting with Firefox 68, web pages won’t be allowed to show more than two login prompts. Starting with the third request, Firefox will intervene to suppress the authentication popup. Mozilla previously shipped a fix for this issue, but it was incomplete, as it blocked authentication prompts that originated from subresources, such as iframes. This latest patch completes the fix by blocking all types of authentication required prompts — including those generated by the site’s main domain.

Read more of this story at Slashdot.

Source: https://yro.slashdot.org/story/19/04/05/1946235/12-years-after-it-was-notified-firefox-to-add-full-protection-against-login-prompt-spam?utm_source=rss1.0mainlinkanon&utm_medium=feed