Malware creators are abusing a vulnerability in Firefox to trick users. Intriguingly, the vulnerability was first reported in April 2007 and has been repeatedly reported back, but for some reason, it has not been fixed.
The exploitation of this vulnerability is not difficult. Simply embed an iframe of a malicious website in the source code to issue an HTTP authentication request on another domain, allowing the iframe to display the authentication mode on the malicious site, as shown below:
In the past few years, malware authors and scammers have been abusing this vulnerability to attract users browsing malicious websites, such as displaying technical support scams, inducing users to purchase fake gift cards, going to fake technical assistance sites, or directly jumps the user to the malware website.
Whenever a user attempts to leave, the owner of these malicious sites will cycle through the full-screen authentication mode. The user turns off the dialogue and another pops up. Pressing ESC to exit full screen and the window’s close button does not work until they completely close the browser through the process.