Javascript pop up in Firefox on Yahoo Finance
-
I have a client that when they go to finance.yahoo.com they will often get a pop up Window for a Firefox update and asking them to run a firefox-patch.js file. They are smart enough to not run it.
It only happens in Firefox, and only on Yahoo Finance.
In the lower left hand corner, instead of loading and stopping, it keeps trying to load different pages.
I have run every known AV Scanner, looked for issues using FRST and even nuked and paved. After nuke & pave, going back to finance.yahoo.com I still get the the pop-up. This happens on any computer in the network.
I am even using Webroot Filtered DNS as the forwarder on the Windows DNS Server as well as in Untangle.
I'm scratching my head trying to think of what else may be causing this.
-
Maybe their DNS is poisoned?
-
That's my thought as well. I had Untangle support remote in. They looked at the settings and can't see any issues. I was using Comcast DNS (default from the WAN) on untangle and using Google DNS as the forwarders on the Domain Controller DNS. I switched both to Webroot's Secure DNS (paid service) and still no difference. I turned on the Adblocker feature on Untangle and no help there.
-
There might be malicious ads on the Yahoo page?
-
Very likely but I can't reproduce it outside of their network. Outside of their network the page loads and stops loading. There isn't the constant lower left activity showing several links loading.
-
@ccwtech said in Javascript pop up in Firefox on Yahoo Finance:
Very likely but I can't reproduce it outside of their network. Outside of their network the page loads and stops loading. There isn't the constant lower left activity showing several links loading.
That makes me think the firewall might be compromised, or the ISP is injecting things.
-
Untangle doesn't appear to be compromised (from what I can see). I use Comcast and am geographically ~ 2 miles from their office and can't replicate it. I do use a Meraki instead of Untangle and many other parts of my network are different however. I haven't tried hooking a computer directly to the modem to see what happens if I do that... (I just thought of that while writing this.)
-
It has been some years since I worked with an Untangle box and I know there have been a number of changes since then.
I believe if the pop up is the same address, you can block it via the UT GUI,.. I just don't remember how...
I would on occasion run off the 70 page report and make adjustments based on the junk that got through - also blocking whole ip ranges (countries) that were trying to brute force the system.
-
They don't want to block finance.yahoo.com and the multiple pages it's loading are too many to block.
-
Here is an example: https://youtu.be/A5Q0efHMbU4
-
@ccwtech said in Javascript pop up in Firefox on Yahoo Finance:
Here is an example: https://youtu.be/A5Q0efHMbU4
From the stream of links and such in the status bar, there was a number of adclick. This is something I recall being able to block with UT.
-
@ccwtech FWIW, i see similar behavior when viewing this page from both home and work. No JS popups though...
-
What extensions are install on FF?
-
None. I did a nuke and pave and fresh install of FF from Ninite.com.
-
@danp That's good info. I'm wondering if you can just leave finance.yahoo.com up in the background. The pop-ups aren't always instant.
-
@ccwtech Sure. I'll report back if anything unusual occurs.
-
-
@ccwtech The page has been opened for about 15 mins without any popups. FWIW, the page eventually finished loading after between 10 and 15 mins.
-
@danp said in Javascript pop up in Firefox on Yahoo Finance:
https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update
LOL - that was my guess.
malvertising. -
I see this from time to time, only when using firefox. Even on sites like Ars it happens.
They serve bad advertisements to you, and one of them gets you a popup in firefox.
