Firefox Now Blocks “Authentication Required” Prompts By Scam Websites

After more than a decade, Firefox finally brings peace to the users annoyed with fake “authentication required” prompts. With Firefox 68, Mozilla decides to put an end on the troublesome login prompts by scam websites.

Blocking Scam “Authentication Required” Prompts

Reportedly Mozilla’s upcoming Firefox 68 will end up the annoying “authentication required” prompts barraged upon users by scam websites. Mozilla allegedly addressed this problem 12 years after its first report.

As stated by Johann Hofmann, a Firefox engineer, in the bug report, Firefox 68 will block spammy login prompts by websites.

“For compat reasons, we made the patch in bug 377496 to be a “safe” version of the auth dialog abuse protections, which is still somewhat annoying to users that encounter evil websites.”

To fix the problem, Mozilla tightened the restrictions in two ways. First, it blocks the login attempts from the top-level frame, including the site’s main domain. Secondly, it limits the permitted number of cancellations to 2 only.

Login Prompt Annoyed Users For Quite Long

According to a previous bug report, scam websites tend to trouble users by repeated login prompts. This makes the users lose control of the browser, making them unable to switch tabs or close the window.

“A page with many embedded images that require authentication causes the ‘Authentication Required’ dialogue to be shown over and over again.”

Consequently, this seemed to cause a denial of service state on the target device.

“This gives the possibility of it being used as a DOS style attack, where a page loads random ‘authentication required’ in a JavaScript loop, or simply presenting a page with thousands of embedded images.”

This problem not only targeted Firefox users but also affected Chrome users. However, Firefox users faced more of such incidents, particularly from the tech support scam websites. Mozilla attempted to fix the bug earlier. But it didn’t successfully fix the problem as it applied block at the sub-resource level.

However, Firefox 68 will eventually end up this problem for good as Mozilla has released the patch with the current Nightly release, whereas it will arrive in the stable version coming in July 2019.

Recently, Google also patched the old evil cursor bug in Chrome browser – many tech support scammers actively exploited this bug to target Chrome users.

Let us know your thoughts in the comments section.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients