Malware on Firefox?

<XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>

From: Boris@invalid.invalid (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Malware on Firefox?
Date: Thu, 28 Mar 2024 21:55:26 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
User-Agent: Xnews/2006.08.24
 by: Boris - Thu, 28 Mar 2024 21:55 UTC

Firefox 124.0.1 64-bit
No add-ons
No extensions

For a few weeks, once in a while, when I close Firefox, there's still a
Firefox window on my screen, with an ad showing Elon Musk advertising
for CBD gummies. In this window, there's still the application menu in
the upper right, and I can click on any of the items within, and they all
work fine, including "New tab", which launches the 'real' Firefox. But
when I close Firefox, the ad remains. Clicking on the "X" in the upper
right will close the ad.

Today, the ad changed to one for McAfee.

https://postimg.cc/gallery/DWz4XxD

Pop-up blocking is enabled, but I don't think these are pop-ups. I ran
Microsoft Defender Full scan and Offline scan, and F-Secure. Nothing
showed up. I started Malwarebytes, but it locked up the machine.

These 'ads' do not appear in any other browsers, and I don't get them on
any other machines running Firefox.

Has anyone experienced this? I've researched, but can't find anything.

Re: Malware on Firefox?

<XnsB14399CC0113BBorisinvalidinvalid@135.181.20.170>

From: Boris@invalid.invalid (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Thu, 28 Mar 2024 22:08:20 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <XnsB14399CC0113BBorisinvalidinvalid@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
User-Agent: Xnews/2006.08.24
 by: Boris - Thu, 28 Mar 2024 22:08 UTC

Boris <Boris@invalid.invalid> wrote in
news:XnsB143979BFF462Borisinvalidinvalid@135.181.20.170:

> Firefox 124.0.1 64-bit
> No add-ons
> No extensions
>
> For a few weeks, once in a while, when I close Firefox, there's still
> a Firefox window on my screen, with an ad showing Elon Musk
> advertising for CBD gummies. In this window, there's still the
> application menu in the upper right, and I can click on any of the
> items within, and they all work fine, including "New tab", which
> launches the 'real' Firefox. But when I close Firefox, the ad
> remains. Clicking on the "X" in the upper right will close the ad.
>
> Today, the ad changed to one for McAfee.
>
> https://postimg.cc/gallery/DWz4XxD
>
> Pop-up blocking is enabled, but I don't think these are pop-ups. I
> ran Microsoft Defender Full scan and Offline scan, and F-Secure.
> Nothing showed up. I started Malwarebytes, but it locked up the
> machine.
>
> These 'ads' do not appear in any other browsers, and I don't get them
> on any other machines running Firefox.
>
> Has anyone experienced this? I've researched, but can't find
> anything.
>

Permissions>Notifications is also blocked. There are no websites
appearing in the 'exceptions' window.

Re: Malware on Firefox?

<XnsB143BC4ECA13Dhueydlltampabayrrcom@135.181.20.170>

From: huey.dll@tampabay.rr.com (David LaRue)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Thu, 28 Mar 2024 22:30:55 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <XnsB143BC4ECA13Dhueydlltampabayrrcom@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
User-Agent: Xnews/2006.08.24
 by: David LaRue - Thu, 28 Mar 2024 22:30 UTC

Boris <Boris@invalid.invalid> wrote in
news:XnsB143979BFF462Borisinvalidinvalid@135.181.20.170:

> Firefox 124.0.1 64-bit
> No add-ons
> No extensions
>
> For a few weeks, once in a while, when I close Firefox, there's still a
> Firefox window on my screen, with an ad showing Elon Musk advertising
> for CBD gummies. In this window, there's still the application menu in
> the upper right, and I can click on any of the items within, and they all
> work fine, including "New tab", which launches the 'real' Firefox. But
> when I close Firefox, the ad remains. Clicking on the "X" in the upper
> right will close the ad.
>
> Today, the ad changed to one for McAfee.
>
> https://postimg.cc/gallery/DWz4XxD
>
> Pop-up blocking is enabled, but I don't think these are pop-ups. I ran
> Microsoft Defender Full scan and Offline scan, and F-Secure. Nothing
> showed up. I started Malwarebytes, but it locked up the machine.
>
> These 'ads' do not appear in any other browsers, and I don't get them on
> any other machines running Firefox.
>
> Has anyone experienced this? I've researched, but can't find anything.
>

I've not seen anything like what you describe. I run AdBlocker and never see
ads. I do sometimes have to allow some sites to do things to enable sound
with streaming. I love Firefox.

Re: Malware on Firefox?

<ssahdkxops.ln2@Telcontar.valinor>

From: robin_listas@es.invalid (Carlos E.R.)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Fri, 29 Mar 2024 00:25:48 +0100
Message-ID: <ssahdkxops.ln2@Telcontar.valinor>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
In-Reply-To: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
User-Agent: Mozilla Thunderbird
 by: Carlos E.R. - Thu, 28 Mar 2024 23:25 UTC

On 2024-03-28 22:55, Boris wrote:
> Firefox 124.0.1 64-bit
> No add-ons
> No extensions
>
> For a few weeks, once in a while, when I close Firefox, there's still a
> Firefox window on my screen, with an ad showing Elon Musk advertising
> for CBD gummies. In this window, there's still the application menu in
> the upper right, and I can click on any of the items within, and they all
> work fine, including "New tab", which launches the 'real' Firefox. But
> when I close Firefox, the ad remains. Clicking on the "X" in the upper
> right will close the ad.
>
> Today, the ad changed to one for McAfee.
>
> https://postimg.cc/gallery/DWz4XxD
>
> Pop-up blocking is enabled, but I don't think these are pop-ups. I ran
> Microsoft Defender Full scan and Offline scan, and F-Secure. Nothing
> showed up. I started Malwarebytes, but it locked up the machine.
>
> These 'ads' do not appear in any other browsers, and I don't get them on
> any other machines running Firefox.
>
> Has anyone experienced this? I've researched, but can't find anything.

Maybe you accepted notifications from some site. I don't know if FF
keeps a list of them somewhere.

--
Cheers, Carlos.

Re: Malware on Firefox?

<6606028E.3090406@backwurst.de>

From: miller@posteo.ee (Frank Miller)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Fri, 29 Mar 2024 00:51:42 +0100
Organization: Tschorkauer Zwetschgen-Pressen-Museum
Message-ID: <6606028E.3090406@backwurst.de>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <ssahdkxops.ln2@Telcontar.valinor>
In-Reply-To: <ssahdkxops.ln2@Telcontar.valinor>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
 by: Frank Miller - Thu, 28 Mar 2024 23:51 UTC

Carlos E.R. wrote:
> On 2024-03-28 22:55, Boris wrote:
>> Firefox 124.0.1 64-bit
>> No add-ons
>> No extensions
>>
>> For a few weeks, once in a while, when I close Firefox, there's still a
>> Firefox window on my screen, with an ad showing Elon Musk advertising
>> for CBD gummies.

[..snip..]
> Maybe you accepted notifications from some site. I don't know if FF
> keeps a list of them somewhere.

Settings - Privacy&Security - Permissions: Notifications

Re: Malware on Firefox?

<pzk2lacrtyja$.dlg@v.nguard.lh>

From: V@nguard.LH (VanguardLH)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Thu, 28 Mar 2024 20:29:51 -0500
Organization: Usenet Elder
Message-ID: <pzk2lacrtyja$.dlg@v.nguard.lh>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Fri, 29 Mar 2024 01:29 UTC

Boris <Boris@invalid.invalid> wrote:

> Firefox 124.0.1 64-bit
> No add-ons
> No extensions
>
> For a few weeks, once in a while, when I close Firefox, there's still a
> Firefox window on my screen, with an ad showing Elon Musk advertising
> for CBD gummies. In this window, there's still the application menu in
> the upper right, and I can click on any of the items within, and they all
> work fine, including "New tab", which launches the 'real' Firefox. But
> when I close Firefox, the ad remains. Clicking on the "X" in the upper
> right will close the ad.
>
> Today, the ad changed to one for McAfee.
>
> https://postimg.cc/gallery/DWz4XxD
>
> Pop-up blocking is enabled, but I don't think these are pop-ups. I ran
> Microsoft Defender Full scan and Offline scan, and F-Secure. Nothing
> showed up. I started Malwarebytes, but it locked up the machine.
>
> These 'ads' do not appear in any other browsers, and I don't get them on
> any other machines running Firefox.
>
> Has anyone experienced this? I've researched, but can't find anything.

When you think you have exited Firefox, is firefox.exe still listed in
Task Manager?

A possibility for your problem is the use of service workers. They are
disabled in Private mode. See:

https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API

Disable service workers. In about:config, edit:

dom.serviceWorkers.enabled = FALSE

You can go to about:serviceworkers to see a list of registered workers,
and about:debugging#/runtime/this-firefox, too. I have them disabled,
so the internal page reports "Service Workers are not enabled". If not
disabled, about:serviceworkers will list them, and there will be an
Unregister button to delete them (until you again visit the web page
that registers them). Service workers do not automatically update, so
you have to unregister them to re-register to get a later version.

I don't know what is the current vulnerability state of service workers,
but they have had past vulnerabilities.

https://portswigger.net/daily-swig/the-service-worker-hiding-in-your-browser
https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting/abusing-service-workers
https://www.akamai.com/blog/security/abusing-the-service-workers-api

They also provide in-domain tracking. They cannot be used cross-domain
(same-domain origin policy is enforced), but are lurking in your web
browser upon revisit to the same domain.

Try the about:config setting, and reload Firefox to see if the problem
persists. Have you also flushed all locally cached data for Firefox?

Re: Malware on Firefox?

<pn7c0j9p7k7d4124jsfgfrq1edivpn0iuk@4ax.com>

From: -rf-nz-@-.invalid (Ralph Fox)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Fri, 29 Mar 2024 14:53:27 +1300
Organization: Forte - www.forteinc.com
Message-ID: <pn7c0j9p7k7d4124jsfgfrq1edivpn0iuk@4ax.com>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
User-Agent: ForteAgent/8.00.32.1272
 by: Ralph Fox - Fri, 29 Mar 2024 01:53 UTC

On Thu, 28 Mar 2024 21:55:26 -0000 (UTC), Boris wrote:

> Firefox 124.0.1 64-bit
> No add-ons
> No extensions
>
> For a few weeks, once in a while, when I close Firefox, there's still a
> Firefox window on my screen, with an ad showing Elon Musk advertising
> for CBD gummies. In this window, there's still the application menu in
> the upper right, and I can click on any of the items within, and they all
> work fine, including "New tab", which launches the 'real' Firefox. But
> when I close Firefox, the ad remains. Clicking on the "X" in the upper
> right will close the ad.
>
> Today, the ad changed to one for McAfee.
>
> https://postimg.cc/gallery/DWz4XxD
>
> Pop-up blocking is enabled, but I don't think these are pop-ups. I ran
> Microsoft Defender Full scan and Offline scan, and F-Secure. Nothing
> showed up. I started Malwarebytes, but it locked up the machine.
>
> These 'ads' do not appear in any other browsers, and I don't get them on
> any other machines running Firefox.
>
> Has anyone experienced this? I've researched, but can't find anything.

Pop-up blocking blocks *unrequested* windows. It does not block
windows that open in response to a link you clicked. A few sites
are quite devious about opening pop-ups when you click on what
appears to be a legitimate button or link. If the Firefox preference
"dom.disable_window_flip" is set to false [1], the site can easily
hide this window behind your normal browser window so you may not
know it has been opened until much later.

I have not seen this for several years. I have seen it in the more
distant past with a few devious sites.

I presume you are closing Firefox with the red 'X' in the upper right.
Do you still get this ad (ADvertisement) if you close Firefox with the
"File >> Exit" menu, or with Ctrl+Shift+Q ? The red 'X' closes only
the current Firefox window while "File >> Exit" and Ctrl+Shift+Q close
all Firefox windows.

____
REFERENCES
[1] <https://support.mozilla.org/en-US/questions/960546>

--
Kind regards
Ralph Fox
🦊

Out of sight out of mind.
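
Added example, not part of any post in this thread: a Python audit of a Firefox profile directory that checks the two about:config preferences named above (dom.serviceWorkers.enabled and dom.disable_window_flip) as stored in prefs.js, and lists the origins allowed to show notifications from permissions.sqlite (the list behind Settings - Privacy & Security - Permissions: Notifications). The sample profile, its origins and the 0.95 near-miss threshold are constructed for the illustration.

```python
import difflib
import re
import sqlite3
import tempfile
from pathlib import Path

# prefs.js stores only user-changed preferences, one per line:
#   user_pref("name", value);
PREF_LINE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences named in the thread, with the value the posters recommend.
WATCHED = {
    "dom.serviceWorkers.enabled": "false",  # service workers off
    "dom.disable_window_flip": "true",      # pages cannot push a window behind others
}
NEAR_MISS = 0.95  # similarity threshold chosen for this example


def read_user_prefs(profile):
    """Return {name: raw value text} for each user_pref line in prefs.js."""
    prefs_file = Path(profile) / "prefs.js"
    if not prefs_file.exists():
        return {}
    prefs = {}
    for line in prefs_file.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def audit_prefs(prefs):
    """Return (name, status) findings for the watched preferences."""
    findings = []
    for name, wanted in WATCHED.items():
        if name not in prefs:
            findings.append((name, "default"))  # never changed by the user
        elif prefs[name] != wanted:
            findings.append((name, "set to " + prefs[name]))
    # A name mistyped in about:config is stored as a separate preference that
    # no Firefox code consults, so the intended setting stays at its default.
    for name in prefs:
        if name in WATCHED:
            continue
        for real in WATCHED:
            if difflib.SequenceMatcher(None, name, real).ratio() >= NEAR_MISS:
                findings.append((name, "near-miss of " + real))
    return findings


def notification_grants(profile):
    """Origins with a stored 'allow' (permission = 1) for web notifications."""
    db = Path(profile) / "permissions.sqlite"
    if not db.exists():
        return []
    # Open read-only so the audit never modifies the profile.
    con = sqlite3.connect(db.resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = con.execute(
            "SELECT origin FROM moz_perms "
            "WHERE type = 'desktop-notification' AND permission = 1 "
            "ORDER BY origin"
        ).fetchall()
    finally:
        con.close()
    return [row[0] for row in rows]


def build_sample_profile(root):
    """Constructed profile for the demo; every origin and value is made up."""
    profile = Path(root) / "sample.default"
    profile.mkdir()
    (profile / "prefs.js").write_text(
        "// constructed sample, not a real profile\n"
        'user_pref("browser.startup.page", 3);\n'
        'user_pref("dom.serviceWorkders.enabled", false);\n'  # mistyped name
        'user_pref("dom.disable_window_flip", false);\n',
        encoding="utf-8",
    )
    con = sqlite3.connect(profile / "permissions.sqlite")
    con.execute(
        "CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT, type TEXT, "
        "permission INTEGER, expireType INTEGER, expireTime INTEGER, "
        "modificationTime INTEGER)"
    )
    con.executemany(
        "INSERT INTO moz_perms (origin, type, permission, expireType, expireTime, "
        "modificationTime) VALUES (?, ?, ?, 0, 0, 0)",
        [("https://ads.example", "desktop-notification", 1),   # allowed
         ("https://news.example", "desktop-notification", 2),  # blocked
         ("https://video.example", "autoplay-media", 1)],      # other permission
    )
    con.commit()
    con.close()
    return profile


def demo():
    """Audit the constructed profile and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = build_sample_profile(tmp)
        return {"prefs": audit_prefs(read_user_prefs(profile)),
                "notification_allow": notification_grants(profile)}


if __name__ == "__main__":
    for section, items in demo().items():
        print(section, items)
```

To audit a real profile, close Firefox first (or work on a copy of the profile folder) and pass its path to read_user_prefs and notification_grants.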

Re: Malware on Firefox?

<1pjhdkxqsa.ln2@Telcontar.valinor>

From: robin_listas@es.invalid (Carlos E.R.)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Fri, 29 Mar 2024 02:57:21 +0100
Message-ID: <1pjhdkxqsa.ln2@Telcontar.valinor>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <ssahdkxops.ln2@Telcontar.valinor> <6606028E.3090406@backwurst.de>
In-Reply-To: <6606028E.3090406@backwurst.de>
User-Agent: Mozilla Thunderbird
 by: Carlos E.R. - Fri, 29 Mar 2024 01:57 UTC

On 2024-03-29 00:51, Frank Miller wrote:
> Carlos E.R. wrote:
>> On 2024-03-28 22:55, Boris wrote:
>>> Firefox 124.0.1 64-bit
>>> No add-ons
>>> No extensions
>>>
>>> For a few weeks, once in a while, when I close Firefox, there's still a
>>> Firefox window on my screen, with an ad showing Elon Musk advertising
>>> for CBD gummies.
>
> [..snip..]
>> Maybe you accepted notifications from some site. I don't know if FF
>> keeps a list of them somewhere.
>
> Settings - Privacy&Security - Permissions: Notifications

Ah, thanks.

--
Cheers, Carlos.

Re: Malware on Firefox?

<XnsB14796DCC11B6nospaminvalidcom@135.181.20.170>

From: nospam@invalid.com (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Mon, 1 Apr 2024 21:49:49 -0000 (UTC)
Organization: This space for rent.
Message-ID: <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh>
User-Agent: Xnews/5.04.25
 by: Boris - Mon, 1 Apr 2024 21:49 UTC

VanguardLH <V@nguard.LH> wrote in news:pzk2lacrtyja$.dlg@v.nguard.lh:

> Boris <Boris@invalid.invalid> wrote:
>
>> Firefox 124.0.1 64-bit
>> No add-ons
>> No extensions
>>
>> For a few weeks, once in a while, when I close Firefox, there's still a
>> Firefox window on my screen, with an ad showing Elon Musk advertising
>> for CBD gummies. In this window, there's still the application menu in
>> the upper right, and I can click on any of the items within, and they
>> all work fine, including "New tab", which launches the 'real' Firefox.
>> But when I close Firefox, the ad remains. Clicking on the "X" in the
>> upper right will close the ad.
>>
>> Today, the ad changed to one for McAfee.
>>
>> https://postimg.cc/gallery/DWz4XxD
>>
>> Pop-up blocking is enabled, but I don't think these are pop-ups. I ran
>> Microsoft Defender Full scan and Offline scan, and F-Secure. Nothing
>> showed up. I started Malwarebytes, but it locked up the machine.
>>
>> These 'ads' do not appear in any other browsers, and I don't get them
>> on any other machines running Firefox.
>>
>> Has anyone experienced this? I've researched, but can't find anything.
>
> When you think you have exited Firefox, is firefox.exe still listed in
> Task Manager?

Yes, Task Manager shows Firefox is still running.

>
> A possibility for your problem is the use of service workers. They are
> disabled in Private mode. See:
>
> https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
>
> Disable service workers. In about:config, edit:
>
> dom.serviceWorkers.enabled = FALSE

Done. Now I'll wait and see.

https://postimg.cc/T5r5CxCY

>
> You can go to about:serviceworkers to see a list of registered workers,
> and about:debugging#/runtime/this-firefox, too. I have them disabled,
> so the internal page reports "Service Workers are not enabled". If not
> disabled, about:serviceworkers will list them, and there will be an
> Unregister button to delete them (until you again visit the web page
> that registers them). Service workers do not automatically update, so
> you have to unregister them to re-register to get a later version.
>
> I don't know what is the current vulnerability state of service workers,
> but they have had past vulnerabilities.
>
> https://portswigger.net/daily-swig/the-service-worker-hiding-in-your-browser
> https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting/abusing-service-workers
> https://www.akamai.com/blog/security/abusing-the-service-workers-api
>
> They also provide in-domain tracking. They cannot be used cross-domain
> (same-domain origin policy is enforced), but are lurking in your web
> browser upon revisit to the same domain.
>
> Try the about:config setting, and reload Firefox to see if the problem
> persists. Have you also flushed all locally cached data for Firefox?

Re: Malware on Firefox?

<XnsB147973C18AB8nospaminvalidcom@135.181.20.170>

From: nospam@invalid.com (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Mon, 1 Apr 2024 21:52:01 -0000 (UTC)
Organization: This space for rent.
Message-ID: <XnsB147973C18AB8nospaminvalidcom@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170>
User-Agent: Xnews/5.04.25
 by: Boris - Mon, 1 Apr 2024 21:52 UTC

Boris <nospam@invalid.com> wrote in news:XnsB14796DCC11B6nospaminvalidcom@135.181.20.170:

> https://postimg.cc/T5r5CxCY

serviceWorkers:

https://postimg.cc/SY0z6RLv

Re: Malware on Firefox?

<tpiujuglgwly$.dlg@v.nguard.lh>

From: V@nguard.LH (VanguardLH)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Mon, 1 Apr 2024 19:33:34 -0500
Organization: Usenet Elder
Message-ID: <tpiujuglgwly$.dlg@v.nguard.lh>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170>
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Tue, 2 Apr 2024 00:33 UTC

Boris <nospam@invalid.com> wrote:

> VanguardLH <V@nguard.LH> wrote:
>
>> A possibility for your problem is the use of service workers. They
>> are disabled in Private mode. See:
>>
>> https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
>>
>> Disable service workers. In about:config, edit:
>>
>> dom.serviceWorkers.enabled = FALSE
>
> Done. Now I'll wait and see.

As verification, after changing the setting to false, and restarting
Firefox, go to:

about:serviceworkers

You should get a message that service workers are not enabled.

Later when you think you have exited Firefox, and wait maybe a minute,
but there are still firefox.exe processes listed in Task Manager, it
didn't really exit. Something else is keeping it loaded.

Re: Malware on Firefox?

<XnsB14993D8E8F44nospaminvalidcom@135.181.20.170>

From: nospam@invalid.com (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Wed, 3 Apr 2024 21:32:01 -0000 (UTC)
Organization: This space for rent.
Message-ID: <XnsB14993D8E8F44nospaminvalidcom@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170> <tpiujuglgwly$.dlg@v.nguard.lh>
User-Agent: Xnews/5.04.25
 by: Boris - Wed, 3 Apr 2024 21:32 UTC

VanguardLH <V@nguard.LH> wrote in news:tpiujuglgwly$.dlg@v.nguard.lh:

> Boris <nospam@invalid.com> wrote:
>
>> VanguardLH <V@nguard.LH> wrote:
>>
>>> A possibility for your problem is the use of service workers. They
>>> are disabled in Private mode. See:
>>>
>>> https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
>>>
>>> Disable service workers. In about:config, edit:
>>>
>>> dom.serviceWorkers.enabled = FALSE
>>
>> Done. Now I'll wait and see.
>
> As verification, after changing the setting to false, and restarting
> Firefox, go to:
>
> about:serviceworkers
>
> You should get a message that service workers are not enabled.

Yes, I got that message.

>
> Later when you think you have exited Firefox, and wait maybe a minute,
> but there are still firefox.exe processes listed in Task Manager, it
> didn't really exit. Something else is keeping it loaded.

I exited, waited a while, and Firefox was not running in Task Manager.

It's been 48 hours, and the pop-ups, new or old, have not reappeared.

Many thanks.

Re: Malware on Firefox?

<XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170>

From: nospam@invalid.com (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Fri, 5 Apr 2024 23:18:27 -0000 (UTC)
Organization: This space for rent.
Message-ID: <XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170> <tpiujuglgwly$.dlg@v.nguard.lh> <XnsB14993D8E8F44nospaminvalidcom@135.181.20.170>
User-Agent: Xnews/5.04.25
 by: Boris - Fri, 5 Apr 2024 23:18 UTC

Boris <nospam@invalid.com> wrote in news:XnsB14993D8E8F44nospaminvalidcom@135.181.20.170:

> VanguardLH <V@nguard.LH> wrote in news:tpiujuglgwly$.dlg@v.nguard.lh:
>
>> Boris <nospam@invalid.com> wrote:
>>
>>> VanguardLH <V@nguard.LH> wrote:
>>>
>>>> A possibility for your problem is the use of service workers. They
>>>> are disabled in Private mode. See:
>>>>
>>>> https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
>>>>
>>>> Disable service workers. In about:config, edit:
>>>>
>>>> dom.serviceWorkers.enabled = FALSE
>>>
>>> Done. Now I'll wait and see.
>>
>> As verification, after changing the setting to false, and restarting
>> Firefox, go to:
>>
>> about:serviceworkers
>>
>> You should get a message that service workers are not enabled.
>
> Yes, I got that message.
>
>>
>> Later when you think you have exited Firefox, and wait maybe a minute,
>> but there are still firefox.exe processes listed in Task Manager, it
>> didn't really exit. Something else is keeping it loaded.
>
> I exited, waited a while, and Firefox was not running in Task Manager.
>
> It's been 48 hours, and the pop-ups, new or old, have not reappeared.
>
> Many thanks.

The pop-up is back:

https://postimg.cc/jLTvg834

It's not causing any problems (that I know of). I just wonder how it got
started. From my reading of 'service workers', I wonder if the pop-up is
triggered by an infected website that I visit. Maybe I'll just visit one
site per browsing session and see when the pop-up appears.

Re: Malware on Firefox?

<1bsm55rxu870u$.dlg@v.nguard.lh>

From: V@nguard.LH (VanguardLH)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Fri, 5 Apr 2024 19:49:36 -0500
Organization: Usenet Elder
Lines: 18
Sender: V@nguard.LH
Message-ID: <1bsm55rxu870u$.dlg@v.nguard.lh>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170> <tpiujuglgwly$.dlg@v.nguard.lh> <XnsB14993D8E8F44nospaminvalidcom@135.181.20.170> <XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Keywords: VanguardLH,VLH
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sat, 6 Apr 2024 00:49 UTC

Boris <nospam@invalid.com> wrote:

> The pop-up is back:
>
> https://postimg.cc/jLTvg834
>
> It's not causing any problems (that I know of). I just wonder how it got
> started. From my reading of 'service workers', I wonder if the pop-up is
> triggered by an infected website that I visit. Maybe I'll just visit one
> site per browsing session and see when the pop-up appears.

The URL you show in the first screenshot had "/ads_" in its path, so
you're seeing some ad. If the second screenshot is what you see, that's
rogueware pretending you have McAfee. I bet if you hover over the
hyperlinks in that ad that they do not point to a McAfee web site.
You're being phished.

You don't use an adblocker? I use uBlock Origin (in expert mode).

Re: Malware on Firefox?

<uuqtuh$1upt0$1@dont-email.me>

From: hugybear@gmx.net (Jörg Lorenz)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Sat, 6 Apr 2024 09:34:40 +0200
Organization: Camembert Normand au Lait Cru
Lines: 25
Message-ID: <uuqtuh$1upt0$1@dont-email.me>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
<pzk2lacrtyja$.dlg@v.nguard.lh>
<XnsB14796DCC11B6nospaminvalidcom@135.181.20.170>
<tpiujuglgwly$.dlg@v.nguard.lh>
<XnsB14993D8E8F44nospaminvalidcom@135.181.20.170>
<XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170>
<1bsm55rxu870u$.dlg@v.nguard.lh>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 06 Apr 2024 07:34:41 +0200 (CEST)
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:115.0) Gecko/20100101 Thunderbird/115.9.0
In-Reply-To: <1bsm55rxu870u$.dlg@v.nguard.lh>
Content-Language: de-CH
 by: Jörg Lorenz - Sat, 6 Apr 2024 07:34 UTC

On 06.04.2024 02:49, VanguardLH wrote:
> Boris <nospam@invalid.com> wrote:
>
>> The pop-up is back:
>>
>> https://postimg.cc/jLTvg834
>>
>> It's not causing any problems (that I know of). I just wonder how it got
>> started. From my reading of 'service workers', I wonder if the pop-up is
>> triggered by an infected website that I visit. Maybe I'll just visit one
>> site per browsing session and see when the pop-up appears.
>
> The URL you show in the first screenshot had "/ads_" in its path, so
> you're seeing some ad. If the second screenshot is what you see, that's
> rogueware pretending you have McAfee. I bet if you hover over the
> hyperlinks in that ad that they do not point to a McAfee web site.
> You're being phished.
>
> You don't use an adblocker? I use uBlock Origin (in expert mode).

FACK. Add NoScript to it as well and you will experience peace and quiet.

--
"Ave Caesar! Morituri te salutant!"

Re: Malware on Firefox?

<XnsB14CA0577C07Fnospaminvalidcom@135.181.20.170>

From: nospam@invalid.com (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Sat, 6 Apr 2024 22:45:43 -0000 (UTC)
Organization: This space for rent.
Lines: 82
Message-ID: <XnsB14CA0577C07Fnospaminvalidcom@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170> <tpiujuglgwly$.dlg@v.nguard.lh> <XnsB14993D8E8F44nospaminvalidcom@135.181.20.170> <XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170>
Injection-Date: Sat, 06 Apr 2024 22:45:44 +0200 (CEST)
User-Agent: Xnews/5.04.25
 by: Boris - Sat, 6 Apr 2024 22:45 UTC

Boris <nospam@invalid.com> wrote in
news:XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170:

> Boris <nospam@invalid.com> wrote in
> news:XnsB14993D8E8F44nospaminvalidcom@135.181.20.170:
>
>> VanguardLH <V@nguard.LH> wrote in news:tpiujuglgwly$.dlg@v.nguard.lh:
>>
>>> Boris <nospam@invalid.com> wrote:
>>>
>>>> VanguardLH <V@nguard.LH> wrote:
>>>>
>>>>> A possibility for your problem is the use of service workers. They
>>>>> are disabled in Private mode. See:
>>>>>
>>>>> https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
>>>>>
>>>>> Disable service workers. In about:config, edit:
>>>>>
>>>>> dom.serviceWorkers.enabled = FALSE
>>>>
>>>> Done. Now I'll wait and see.
>>>
>>> As verification, after changing the setting to false, and restarting
>>> Firefox, go to:
>>>
>>> about:serviceworkers
>>>
>>> You should get a message that service workers are not enabled.
>>
>> Yes, I got that message.
>>
>>>
>>> Later when you think you have exited Firefox, and wait maybe a minute,
>>> but there are still firefox.exe processes listed in Task Manager, it
>>> didn't really exit. Something else is keeping it loaded.
>>
>> I exited, waited a while, and Firefox was not running in Task Manager.
>>
>> It's been 48 hours, and the pop-ups, new or old, have not
>> reappeared.
>>
>> Many thanks.
>
> The pop-up is back:
>
> https://postimg.cc/jLTvg834
>
> It's not causing any problems (that I know of). I just wonder how it
> got started. From my reading of 'service workers', I wonder if the
> pop-up is triggered by an infected website that I visit. Maybe I'll
> just visit one site per browsing session and see when the pop-up
> appears.

I began visiting each of my usual sites, one at a time per browsing
session, to see if a pop-up would appear, and if so, with which website.
When I visited "www.americanthinker.com", the Elon Musk selling CBD popped
up. (The URL in this pop-up is 761 characters long.) Clicking on any
link on this pop-up's page takes one to the same place each time, a page
to order CBD gummies. The pop-up's domain in the URL is
"rightdailyfeed.com".

When I go to https://www.rightdailyfeed.com, I'm taken to an empty
webpage, with "code: 3465468754" in the upper left hand corner.

A search on "code: 3465468754" takes me to some google images, one of
which is "rightdailyfeed.com Traffic Analytics - Similarweb".

Clicking on that image takes me to
https://www.similarweb.com/website/rightdailyfeed.com/.

If I scroll down the page to "rightdailyfeed.com Target Audience", there's
americanthinker.com, the site that when I went there, Elon's CBD pop-up
appeared.

https://postimg.cc/gallery/4HQKgmY

But, if I cruise around similarweb's page a little more, I see lots of
other well known websites I occasionally visit, such as finance, health care,
insurance, etc., so these other sites may trigger a pop-up. I just don't
understand how this all works.

I'm going to install an ad blocker, and see what happens.

Re: Malware on Firefox?

<h1m31jt2rsf7u2blnv45c086iivkvneag8@4ax.com>

From: jock@soccer.com (Nobody)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Sat, 06 Apr 2024 16:25:41 -0700
Organization: A noiseless patient Spider
Lines: 65
Message-ID: <h1m31jt2rsf7u2blnv45c086iivkvneag8@4ax.com>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170> <tpiujuglgwly$.dlg@v.nguard.lh> <XnsB14993D8E8F44nospaminvalidcom@135.181.20.170> <XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170> <XnsB14CA0577C07Fnospaminvalidcom@135.181.20.170>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 06 Apr 2024 23:25:42 +0200 (CEST)
User-Agent: ForteAgent/8.00.32.1272
 by: Nobody - Sat, 6 Apr 2024 23:25 UTC

On Sat, 6 Apr 2024 22:45:43 -0000 (UTC), Boris <nospam@invalid.com>
wrote:

>Boris <nospam@invalid.com> wrote in
>news:XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170:
>
>> Boris <nospam@invalid.com> wrote in
>> news:XnsB14993D8E8F44nospaminvalidcom@135.181.20.170:
>>
>>> VanguardLH <V@nguard.LH> wrote in news:tpiujuglgwly$.dlg@v.nguard.lh:
>>>
>>>> Boris <nospam@invalid.com> wrote:
>>>>
>>>>> VanguardLH <V@nguard.LH> wrote:
>>>>>
>>>>>> A possibility for your problem is the use of service workers. They
>>>>>> are disabled in Private mode. See:
>>>>>>
>>>>>> https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
>>>>>>
>>>>>> Disable service workers. In about:config, edit:
>>>>>>
>>>>>> dom.serviceWorkers.enabled = FALSE
>>>>>
>>>>> Done. Now I'll wait and see.
>>>>
>>>> As verification, after changing the setting to false, and restarting
>>>> Firefox, go to:
>>>>
>>>> about:serviceworkers
>>>>
>>>> You should get a message that service workers are not enabled.
>>>
>>> Yes, I got that message.
>>>
>>>>
>>>> Later when you think you have exited Firefox, and wait maybe a minute,
>>>> but there are still firefox.exe processes listed in Task Manager, it
>>>> didn't really exit. Something else is keeping it loaded.
>>>
>>> I exited, waited a while, and Firefox was not running in Task Manager.
>>>
>>> It's been 48 hours, and the pop-ups, new or old, have not
>>> reappeared.
>>>
>>> Many thanks.
>>
>> The pop-up is back:
>>
>> https://postimg.cc/jLTvg834
>>
>> It's not causing any problems (that I know of). I just wonder how it
>> got started. From my reading of 'service workers', I wonder if the
>> pop-up is triggered by an infected website that I visit. Maybe I'll
>> just visit one site per browsing session and see when the pop-up
>> appears.

<Rather Large Surgical Incision>

>I'm going to install an ad blocker, and see what happens.

So after this whole lengthy rigmarole, you admit to not having an *ad
blocker* installed/running?

<sigh>

Re: Malware on Firefox?

<57l7kmib4bgm.dlg@v.nguard.lh>

From: V@nguard.LH (VanguardLH)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Sat, 6 Apr 2024 22:12:32 -0500
Organization: Usenet Elder
Lines: 36
Sender: V@nguard.LH
Message-ID: <57l7kmib4bgm.dlg@v.nguard.lh>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170> <tpiujuglgwly$.dlg@v.nguard.lh> <XnsB14993D8E8F44nospaminvalidcom@135.181.20.170> <XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170> <XnsB14CA0577C07Fnospaminvalidcom@135.181.20.170>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Keywords: VanguardLH,VLH
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Sun, 7 Apr 2024 03:12 UTC

Boris <nospam@invalid.com> wrote:

> I began visiting each of my usual sites, one at a time per browsing
> session, to see if a pop-up would appear, and if so, with which website.
> When I visited "www.americanthinker.com", the Elon Musk selling CBD popped
> up. (The URL in this pop-up is 761 characters long.) Clicking on any
> link on this pop-up's page takes one to the same place each time, a page
> to order CBD gummies. The pop-up's domain in the URL is
> "rightdailyfeed.com".
>
> When I go to https://www.rightdailyfeed.com, I'm taken to an empty
> webpage, with "code: 3465468754" in the upper left hand corner.
>
> A search on "code: 3465468754" takes me to some google images, one of
> which is "rightdailyfeed.com Traffic Analytics - Similarweb".
>
> Clicking on that image takes me to
> https://www.similarweb.com/website/rightdailyfeed.com/.
>
> If I scroll down the page to "rightdailyfeed.com Target Audience", there's
> americanthinker.com, the site that when I went there, Elon's CBD pop-up
> appeared.
>
> https://postimg.cc/gallery/4HQKgmY
>
> But, if I cruise around similarweb's page a little more, I see lots of
> other well known websites I occasionally visit, such as finance, health care,
> insurance, etc., so these other sites may trigger a pop-up. I just don't
> understand how this all works.
>
> I'm going to install an ad blocker, and see what happens.

I went to americanthinker.com, and got no popups. I use uBlock Origin
(in expert mode), and my choice of blacklist subscriptions might not
match those selected by another user of uBO. Besides domain blocks,
many URL substrings are also included in the filters of many blacklists,
like paths or args that point to possible ad sources.
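
How the two kinds of rule mentioned in the post above (domain blocks and URL substrings) can give different results for users with different list subscriptions, as an added example that is not part of the thread and is not uBlock Origin's engine or filter syntax. The rule objects, list names and sample request URLs are constructed for illustration; only the `rightdailyfeed.com` domain and the `/ads_` path fragment come from the thread.

```javascript
// Simplified model of list-based request blocking (assumption: NOT uBlock Origin's
// real engine or filter syntax). Two rule kinds:
//   { type: "domain", value }    -> matches that host and any of its subdomains
//   { type: "substring", value } -> matches anywhere in the URL path + query string

function hostMatches(hostname, ruleDomain) {
  // Compare on label boundaries so "notrightdailyfeed.com" is not caught
  // by a rule for "rightdailyfeed.com".
  const h = hostname.toLowerCase();
  const d = ruleDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

function evaluate(requestUrl, lists) {
  let url;
  try {
    url = new URL(requestUrl);
  } catch {
    return { url: requestUrl, blocked: false, reason: "unparseable URL" };
  }
  const pathAndQuery = url.pathname + url.search;
  for (const list of lists) {
    for (const rule of list.rules) {
      const hit =
        (rule.type === "domain" && hostMatches(url.hostname, rule.value)) ||
        (rule.type === "substring" && pathAndQuery.includes(rule.value));
      if (hit) {
        return {
          url: requestUrl,
          blocked: true,
          reason: `${list.name}: ${rule.type} "${rule.value}"`,
        };
      }
    }
  }
  return { url: requestUrl, blocked: false, reason: "no rule matched" };
}

// Hypothetical subscriptions: one list with a domain rule, one with a path rule.
const domainList = {
  name: "domain-list",
  rules: [{ type: "domain", value: "rightdailyfeed.com" }],
};
const pathList = {
  name: "path-list",
  rules: [{ type: "substring", value: "/ads_" }],
};

// Constructed requests a page load might issue (paths and example.net host are made up).
const requests = [
  "https://www.americanthinker.com/",
  "https://www.rightdailyfeed.com/landing?offer=1",
  "https://cdn.example.net/ads_banner/slot1.js",
  "https://notrightdailyfeed.com/index.html",
];

function blockedUrls(lists) {
  return requests
    .map((r) => evaluate(r, lists))
    .filter((r) => r.blocked)
    .map((r) => r.url);
}

// User A subscribes only to the domain list; user B subscribes to both lists.
console.log("user A blocks:", blockedUrls([domainList]));
console.log("user B blocks:", blockedUrls([domainList, pathList]));
```
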

Re: Malware on Firefox?

<uutb3h$2k173$2@dont-email.me>

From: hugybear@gmx.net (Jörg Lorenz)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Sun, 7 Apr 2024 07:31:29 +0200
Organization: Camembert Normand au Lait Cru
Lines: 66
Message-ID: <uutb3h$2k173$2@dont-email.me>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170>
<pzk2lacrtyja$.dlg@v.nguard.lh>
<XnsB14796DCC11B6nospaminvalidcom@135.181.20.170>
<tpiujuglgwly$.dlg@v.nguard.lh>
<XnsB14993D8E8F44nospaminvalidcom@135.181.20.170>
<XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170>
<XnsB14CA0577C07Fnospaminvalidcom@135.181.20.170>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 07 Apr 2024 05:31:30 +0200 (CEST)
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:115.0) Gecko/20100101 Thunderbird/115.9.0
Content-Language: de-CH
In-Reply-To: <XnsB14CA0577C07Fnospaminvalidcom@135.181.20.170>
 by: Jörg Lorenz - Sun, 7 Apr 2024 05:31 UTC

On 07.04.24 at 00:45, Boris wrote:
> Boris <nospam@invalid.com> wrote in
> news:XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170:
>
>> Boris <nospam@invalid.com> wrote in
>> news:XnsB14993D8E8F44nospaminvalidcom@135.181.20.170:
>>
>>> VanguardLH <V@nguard.LH> wrote in news:tpiujuglgwly$.dlg@v.nguard.lh:
>>>
>>>> Boris <nospam@invalid.com> wrote:
>>>>
>>>>> VanguardLH <V@nguard.LH> wrote:
>>>>>
>>>>>> A possibility for your problem is the use of service workers. They
>>>>>> are disabled in Private mode. See:
>>>>>>
>>>>>> https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
>>>>>>
>>>>>> Disable service workers. In about:config, edit:
>>>>>>
>>>>>> dom.serviceWorkers.enabled = FALSE
>>>>>
>>>>> Done. Now I'll wait and see.
>>>>
>>>> As verification, after changing the setting to false, and restarting
>>>> Firefox, go to:
>>>>
>>>> about:serviceworkers
>>>>
>>>> You should get a message that service workers are not enabled.
>>>
>>> Yes, I got that message.
>>>
>>>>
>>>> Later when you think you have exited Firefox, and wait maybe a minute,
>>>> but there are still firefox.exe processes listed in Task Manager, it
>>>> didn't really exit. Something else is keeping it loaded.
>>>
>>> I exited, waited a while, and Firefox was not running in Task Manager.
>>>
>>> It's been 48 hours, and the pop-ups, new or old, have not
>>> reappeared.
>>>
>>> Many thanks.
>>
>> The pop-up is back:
>>
>> https://postimg.cc/jLTvg834
>>
>> It's not causing any problems (that I know of). I just wonder how it
>> got started. From my reading of 'service workers', I wonder if the
>> pop-up is triggered by an infected website that I visit. Maybe I'll
>> just visit one site per browsing session and see when the pop-up
>> appears.
>
> I began visiting each of my usual sites, one at a time per browsing
> session, to see if a pop-up would appear, and if so, with which website.
> When I visited "www.americanthinker.com",

This page is a piece of shit. Trump is a traitor and the biggest loser ever.

Nothing pops up here with uBlock Origin and NoScript.

--
"Gutta cavat lapidem." (Ovid)

Re: Malware on Firefox?

<XnsB14FDCADD93C1nospaminvalidcom@135.181.20.170>

From: nospam@invalid.com (Boris)
Newsgroups: alt.comp.software.firefox
Subject: Re: Malware on Firefox?
Date: Wed, 10 Apr 2024 04:41:37 -0000 (UTC)
Organization: This space for rent.
Lines: 53
Message-ID: <XnsB14FDCADD93C1nospaminvalidcom@135.181.20.170>
References: <XnsB143979BFF462Borisinvalidinvalid@135.181.20.170> <pzk2lacrtyja$.dlg@v.nguard.lh> <XnsB14796DCC11B6nospaminvalidcom@135.181.20.170> <tpiujuglgwly$.dlg@v.nguard.lh> <XnsB14993D8E8F44nospaminvalidcom@135.181.20.170> <XnsB14BA5E4B6A6nospaminvalidcom@135.181.20.170> <XnsB14CA0577C07Fnospaminvalidcom@135.181.20.170> <57l7kmib4bgm.dlg@v.nguard.lh>
Injection-Date: Wed, 10 Apr 2024 04:41:38 +0200 (CEST)
User-Agent: Xnews/5.04.25
 by: Boris - Wed, 10 Apr 2024 04:41 UTC

VanguardLH <V@nguard.LH> wrote in news:57l7kmib4bgm.dlg@v.nguard.lh:

> Boris <nospam@invalid.com> wrote:
>
>> I began visiting each of my usual sites, one at a time per browsing
>> session, to see if a pop-up would appear, and if so, with which
>> website. When I visited "www.americanthinker.com", the Elon Musk
>> selling CBD popped up. (The URL in this pop-up is 761 characters
>> long.) Clicking on any link on this pop-up's page takes one to the
>> same place each time, a page to order CBD gummies. The pop-up's domain
>> in the URL is "rightdailyfeed.com".
>>
>> When I go to https://www.rightdailyfeed.com, I'm taken to an empty
>> webpage, with "code: 3465468754" in the upper left hand corner.
>>
>> A search on "code: 3465468754" takes me to some google images, one of
>> which is "rightdailyfeed.com Traffic Analytics - Similarweb".
>>
>> Clicking on that image takes me to
>> https://www.similarweb.com/website/rightdailyfeed.com/.
>>
>> If I scroll down the page to "rightdailyfeed.com Target Audience",
>> there's americanthinker.com, the site that when I went there, Elon's
>> CBD pop-up appeared.
>>
>> https://postimg.cc/gallery/4HQKgmY
>>
>> But, if I cruise around similarweb's page a little more, I see lots of
>> other well known websites I occasionally visit, such as finance, health care,
>> insurance, etc., so these other sites may trigger a pop-up. I just
>> don't understand how this all works.
>>
>> I'm going to install an ad blocker, and see what happens.
>
> I went to americanthinker.com, and got no popups. I use uBlock Origin
> (in expert mode), and my choice of blacklist subscriptions might not
> match those selected by another user of uBO. Besides domain blocks,
> many URL substrings are also included in the filters of many blacklists,
> like paths or args that point to possible ad sources.

I installed uBlock Origin, and lo and behold, not only did the 'normal'
pop-ups stop, but so did the two (Elon Musk ad for CBD gummies, and McAfee
ad) full page in the background pop-ups.

I didn't consider the Elon/McAfee pop-ups to be 'normal' pop-ups, since
they were full page and remained after closing Firefox. I wanted to
figure out where they came from and why the Firefox default setting "block
pop-up windows", when enabled, didn't stop any pop-ups. That setting
seemed useless.

I'm not running uBlock Origin in Advanced mode, until I figure more of it
out, but I do like the logger.

Many thanks again.

