This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Are you developing a defense against malicious use of site-generated error messages (as examplified by the [rather harmless] hurr-durr.com)?

  • 4 replies
  • 3 have this problem
  • 1 view
  • Last reply by danbae

more options

If you enter the hurr-durr.com website, it will demonstrate how messages generated by a specific website can be used to paralyse the web browser such that you will need to quit your browser and restart it. Basically, any action from the user (such as trying to close the tab used by hurr-durr.com) is met with a nonsense message and no other response (tab remains open). Shouldn't there be some kind of defense against this? hurr-durr is rather daft and harmless but I can imagine that this loophole can be used for more sinister purposes.

If you enter the hurr-durr.com website, it will demonstrate how messages generated by a specific website can be used to paralyse the web browser such that you will need to quit your browser and restart it. Basically, any action from the user (such as trying to close the tab used by hurr-durr.com) is met with a nonsense message and no other response (tab remains open). Shouldn't there be some kind of defense against this? hurr-durr is rather daft and harmless but I can imagine that this loophole can be used for more sinister purposes.

All Replies (4)

more options

It relies upon JavaScript, you can use the NoScript add-on to prevent that sort of site from working. NoScript by default blocks all JavaScript and lets you specify what sites you want JavaScript to work on.

more options

Thank you for a prompt reply. It was very helpful. But since a lot of websites use Javascripts, maybe there will be a lot of extra handling. Also you can't know in advance which scripts will be malicious. Ideally you would like something that stops javascripts from doing certain things, like preventing the closing of a page. Maybe that is very difficult.

more options

The next Firefox 4.0 version will have a check box on such alert messages to prevent further alerts from appearing.

See also:

more options

That sounds like a straightforward and useful remedy. Very much looking forward to that.