On Sat, Sep 30, 2023 at 11:19 AM Michael Hennebry <
hennebry(a)web.cs.ndsu.nodak.edu> wrote:
On Wed, 27 Sep 2023, stan via users wrote:
> On Tue, 26 Sep 2023 12:06:46 -0500 (CDT)
> I think it is done by running javascript through your version of
> firefox. Do you have noscript add-on installed? That will block any
Noscript was already installed nand active.
It did not complain.
Many legit sites use
cloudfront.net. Read about it on wikipedia.
> javascript from a site, and you will have to turn on the urls that you
> want to be able to run javascript. I'm not sure how effective that
> would be in this case, since
cloudfront.net is often needed because many
> sites use it as their host. But, I expect that the problem url would
> show up differently in noscript, and you would be able to leave it
> disabled. Usually,
cloudfront.net is disabled automatically for
> other urls. I'm not willing to test that expectation, for obvious
> reasons. :-)
I'm not clear on what this means.
The url window showed .cloudfront.net .
Web search for "cloudfront.net malware" gets lots of hits, some from
legit sites. <
https://malwaretips.com/blogs/cloudfront-net-virus-removal/
seems to provide good information, but doesn't cover
mitigation steps for
linux.
<
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-m...
has good advice.
> > You could test whether this is the solution by
installing noscript,
> > shutting down and restarting firefox to clear the cache of allowed
> > sites (that is a setting in the privacy tab), and then visiting the
> > site again. The site should be blocked, and you can click on the
> I already had noscript installed and it did not complain.
> > noscript icon to see the list of urls that have been
blocked from
> > running javascript. If you want to experience the thrill again, you
> > can allow javascript from the above problem address for confirmation.
> > Then, turn it off, and the recovery is what you have already discovered.
> Once the site was active,
> all I could click on was an always-on application that was already running.
> The site seemed to have made firefox
> fullscreen and turned off all its buttons.
> Javascript is client-side, correct?
> The problem went away after disabling networking.
> Is there a way to tell firefox never to let a website take
it fullscreen?
> Failing that, is there a way to tell firefox to never go fullscreen at all?
This is trying to cure the disease by eliminating a symptom. You don't
know what is
happening behind that full screen.
--
George N. White III