I stumbled onto a very bad website: d1ykbfcai6wsme dot cloudfront dot net slash werrx01 slash phone=+1 dash 888 dash 387 dash 3976 &# .
nslookup gives several IP addresses for it: 13.227.44.(3, 62, 26, 12) and 2600:9000:21fa:(ca, ce, 14, 2e, 7e, b6, c2, ee)00:1:6351:b980:21
firefox went fullscreen and kept telling me that my computer was locked because, without my knowledge, it had been used for bad things. I should call the given number for help getting rid of the malware and to get my computer unlocked. Do not restart your computer or data loss and release of personal information might result.
The mouse would only show up on the always-on-top window of an expired timer.
I'd encountered similar before. This time I switched to virtual console 3 and SIGSTOPped firefox. When I got back to the GUI, virtual console 1, I had to log in again. Didn't help. Computer was quieter, but still unresponsive. I went back to virtual console 3. There was the GUI. Huh? Ok, virtual console 5. SIGCONT firefox and go back to the GUI. Turn off networking before logging in. That did it. I took firefox out of fullscreen mode. I got the above information and deleted just the window I wanted rid of.
The first time I encountered this, I wasn't as bright and just rebooted.
How is that sort of thing done and how do I keep it from happening again?
I the meantime, how do I blacklist those addresses?
On 26 Sep 2023, at 18:07, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
How is that sort of thing done and how do I keep it from happening again?
There are products that will help protect you. take more care about the links you click on is good advice.
I the meantime, how do I blacklist those addresses?
Black listing is mostly pointless as the same malware will be offered up on many addresses that change over time, minute to minute in some cases.
Barry
On Tue, 26 Sep 2023 12:06:46 -0500 (CDT) Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
I stumbled onto a very bad website: d1ykbfcai6wsme dot cloudfront dot net slash werrx01 slash phone=+1 dash 888 dash 387 dash 3976 &# .
firefox went fullscreen and kept telling me that my computer was locked because, without my knowledge,
The mouse would only show up on the always-on-top window of an expired timer.
How is that sort of thing done and how do I keep it from happening again?
I think it is done by running javascript through your version of firefox. Do you have noscript add-on installed? That will block any javascript from a site, and you will have to turn on the urls that you want to be able to run javascript. I'm not sure how effective that would be in this case, since cloudfront.net is often needed because many sites use it as their host. But, I expect that the problem url would show up differently in noscript, and you would be able to leave it disabled. Usually, cloudfront.net is disabled automatically for other urls. I'm not willing to test that expectation, for obvious reasons. :-)
You could test whether this is the solution by installing noscript, shutting down and restarting firefox to clear the cache of allowed sites (that is a setting in the privacy tab), and then visiting the site again. The site should be blocked, and you can click on the noscript icon to see the list of urls that have been blocked from running javascript. If you want to experience the thrill again, you can allow javascript from the above problem address for confirmation. Then, turn it off, and the recovery is what you have already discovered.
On Wed, 27 Sep 2023, stan via users wrote:
On Tue, 26 Sep 2023 12:06:46 -0500 (CDT) I think it is done by running javascript through your version of firefox. Do you have noscript add-on installed? That will block any
Noscript was already installed nand active. It did not complain.
javascript from a site, and you will have to turn on the urls that you want to be able to run javascript. I'm not sure how effective that would be in this case, since cloudfront.net is often needed because many sites use it as their host. But, I expect that the problem url would show up differently in noscript, and you would be able to leave it disabled. Usually, cloudfront.net is disabled automatically for other urls. I'm not willing to test that expectation, for obvious reasons. :-)
I'm not clear on what this means. The url window showed .cloudfront.net .
You could test whether this is the solution by installing noscript, shutting down and restarting firefox to clear the cache of allowed sites (that is a setting in the privacy tab), and then visiting the site again. The site should be blocked, and you can click on the
I already had noscript installed and it did not complain.
noscript icon to see the list of urls that have been blocked from running javascript. If you want to experience the thrill again, you can allow javascript from the above problem address for confirmation. Then, turn it off, and the recovery is what you have already discovered.
Once the site was active, all I could click on was an always-on application that was already running. The site seemed to have made firefox fullscreen and turned off all its buttons.
Javascript is client-side, correct? The problem went away after disabling networking.
Is there a way to tell firefox never to let a website take it fullscreen? Failing that, is there a way to tell firefox to never go fullscreen at all?
On Sat, Sep 30, 2023 at 11:19 AM Michael Hennebry < hennebry@web.cs.ndsu.nodak.edu> wrote:
On Wed, 27 Sep 2023, stan via users wrote:
On Tue, 26 Sep 2023 12:06:46 -0500 (CDT) I think it is done by running javascript through your version of firefox. Do you have noscript add-on installed? That will block any
Noscript was already installed nand active. It did not complain.
Many legit sites use cloudfront.net. Read about it on wikipedia.
javascript from a site, and you will have to turn on the urls that you want to be able to run javascript. I'm not sure how effective that would be in this case, since cloudfront.net is often needed because many sites use it as their host. But, I expect that the problem url would show up differently in noscript, and you would be able to leave it disabled. Usually, cloudfront.net is disabled automatically for other urls. I'm not willing to test that expectation, for obvious reasons. :-)
I'm not clear on what this means. The url window showed .cloudfront.net .
Web search for "cloudfront.net malware" gets lots of hits, some from legit sites. https://malwaretips.com/blogs/cloudfront-net-virus-removal/ seems to provide good information, but doesn't cover mitigation steps for linux.
< https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malw...
has good advice.
You could test whether this is the solution by installing noscript, shutting down and restarting firefox to clear the cache of allowed sites (that is a setting in the privacy tab), and then visiting the site again. The site should be blocked, and you can click on the
I already had noscript installed and it did not complain.
noscript icon to see the list of urls that have been blocked from running javascript. If you want to experience the thrill again, you can allow javascript from the above problem address for confirmation. Then, turn it off, and the recovery is what you have already discovered.
Once the site was active, all I could click on was an always-on application that was already running. The site seemed to have made firefox fullscreen and turned off all its buttons.
Javascript is client-side, correct? The problem went away after disabling networking.
Is there a way to tell firefox never to let a website take it fullscreen? Failing that, is there a way to tell firefox to never go fullscreen at all?
This is trying to cure the disease by eliminating a symptom. You don't know what is happening behind that full screen.
On Sat, 30 Sep 2023, George N. White III wrote:
On Sat, Sep 30, 2023 at 11:19?AM Michael Hennebry < hennebry@web.cs.ndsu.nodak.edu> wrote:
This is trying to cure the disease by eliminating a symptom. You don't know what is happening behind that full screen.
Going fullscreen is part if what makes it hard to even try to make it go away.
The malware does three things: 1. It shows an image. 2. It goes fullscreen. 3. It disables buttons.
Preventing 1 would seem a really bad idea. I'd like to prevent 2 or 3.
On 10/05/2023 12:10 PM, Michael Hennebry wrote:
Going fullscreen is part if what makes it hard to even try to make it go away.
It sounds like you may need an indirect approach. Can you get to a different virtual console? If so, you may be able to find and kill the malware using top. If not, try killing the browser and seeing what else goes away. And, there's nothing wrong with treating a disease (which this is) by treating the symptoms; that's the classic way of treating cholera: the infection itself isn't what does you in, it's the dehydration it causes.
On Thu, Oct 5, 2023 at 1:11 PM Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Sat, 30 Sep 2023, George N. White III wrote:
On Sat, Sep 30, 2023 at 11:19?AM Michael Hennebry < hennebry@web.cs.ndsu.nodak.edu> wrote:
This is trying to cure the disease by eliminating a symptom. You don't know what is happening behind that full screen.
Going fullscreen is part if what makes it hard to even try to make it go away.
The malware does three things:
- It shows an image.
- It goes fullscreen.
- It disables buttons.
Preventing 1 would seem a really bad idea. I'd like to prevent 2 or 3.
Did you try alt-tab to switch to another application (say a terminal) to kill the tab from the command line?
I don't think the full screen trick inside firefox can stop that, and I think I have hit a few of these half-assed websites before, but alt-tab must have worked for me to bypass them and kill the tab.
On Thu, 5 Oct 2023, Roger Heflin wrote:
On Thu, Oct 5, 2023 at 1:11?PM Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Sat, 30 Sep 2023, George N. White III wrote:
On Sat, Sep 30, 2023 at 11:19?AM Michael Hennebry < hennebry@web.cs.ndsu.nodak.edu> wrote:
This is trying to cure the disease by eliminating a symptom. You don't know what is happening behind that full screen.
Going fullscreen is part if what makes it hard to even try to make it go away.
The malware does three things:
- It shows an image.
- It goes fullscreen.
- It disables buttons.
Preventing 1 would seem a really bad idea. I'd like to prevent 2 or 3.
Did you try alt-tab to switch to another application (say a terminal) to kill the tab from the command line?
I don't think the full screen trick inside firefox can stop that, and I think I have hit a few of these half-assed websites before, but alt-tab must have worked for me to bypass them and kill the tab.
I can switch to another virtual console, but do not know how to kill just one tab. I can got out of it by disconnecting the ethernet cable, but would rather disconnect with the GUI.
FF doesn't provide the fidelity to kill 'just one tab'.
On Thursday, October 5, 2023 at 10:06:30 PM EDT, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Thu, 5 Oct 2023, Roger Heflin wrote:
On Thu, Oct 5, 2023 at 1:11?PM Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Sat, 30 Sep 2023, George N. White III wrote:
On Sat, Sep 30, 2023 at 11:19?AM Michael Hennebry < hennebry@web.cs.ndsu.nodak.edu> wrote:
This is trying to cure the disease by eliminating a symptom. You don't know what is happening behind that full screen.
Going fullscreen is part if what makes it hard to even try to make it go away.
The malware does three things:
- It shows an image.
- It goes fullscreen.
- It disables buttons.
Preventing 1 would seem a really bad idea. I'd like to prevent 2 or 3.
Did you try alt-tab to switch to another application (say a terminal) to kill the tab from the command line?
I don't think the full screen trick inside firefox can stop that, and I think I have hit a few of these half-assed websites before, but alt-tab must have worked for me to bypass them and kill the tab.
I can switch to another virtual console, but do not know how to kill just one tab. I can got out of it by disconnecting the ethernet cable, but would rather disconnect with the GUI.
Technically it does, you just have to figure out what the os process is and kill it, each tab is a separate os process. I have killed weather channel with kill -9 many times(it is easy to find it as it leaks ram and is the only multiple-gb firefox thread).
If you have a 2nd firefox window open (and can switch to it) then you can do "about:performance" it will list all of the separate processes/tabs and you can click on X and that one tab goes empty/stops and you can go back to the original firefox window and x the tab itself without reloading it.
On Thu, Oct 5, 2023 at 9:10 PM Joe Wulf via users users@lists.fedoraproject.org wrote:
FF doesn't provide the fidelity to kill 'just one tab'.
On Thursday, October 5, 2023 at 10:06:30 PM EDT, Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Thu, 5 Oct 2023, Roger Heflin wrote:
On Thu, Oct 5, 2023 at 1:11?PM Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Sat, 30 Sep 2023, George N. White III wrote:
On Sat, Sep 30, 2023 at 11:19?AM Michael Hennebry < hennebry@web.cs.ndsu.nodak.edu> wrote:
This is trying to cure the disease by eliminating a symptom. You don't know what is happening behind that full screen.
Going fullscreen is part if what makes it hard to even try to make it go away.
The malware does three things:
- It shows an image.
- It goes fullscreen.
- It disables buttons.
Preventing 1 would seem a really bad idea. I'd like to prevent 2 or 3.
Did you try alt-tab to switch to another application (say a terminal) to kill the tab from the command line?
I don't think the full screen trick inside firefox can stop that, and I think I have hit a few of these half-assed websites before, but alt-tab must have worked for me to bypass them and kill the tab.
I can switch to another virtual console, but do not know how to kill just one tab. I can got out of it by disconnecting the ethernet cable, but would rather disconnect with the GUI.
-- Michael hennebry@mail.cs.ndsu.NoDak.edu "Occasionally irrational explanations are required" -- Luke Roman
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On 10/05/2023 08:05 PM, Michael Hennebry wrote:
I can switch to another virtual console, but do not know how to kill just one tab. I can got out of it by disconnecting the ethernet cable, but would rather disconnect with the GUI.
I don't think that you can kill one tab or one window, but killing the browser will at least let you continue without rebooting.
On Thu, 2023-10-05 at 21:05 -0500, Michael Hennebry wrote:
I can switch to another virtual console, but do not know how to kill just one tab. I can got out of it by disconnecting the ethernet cable, but would rather disconnect with the GUI.
I always set up the kill the X server hotkey sequence of CTRL+ALT+BACKSPACE as a way to quickly terminate rogue graphical things without going through a full reboot, you're just logged out. Typically that's something like a broken MPEG or AVI file that has deadlooped a codec or media player hard, for me, but occasionally a program has crashed hard by itself.
It's a pity there isn't a hotkey for killing just the frontmost/topmost program. ALT+F4 will close the top/front window, if they're obeying control, but I mean instantly killing the topmost window despite what it wants. There's a force quit taskbar app for that (on Mate, at least), click on it, then click on the window you want to kill. But that can be hard to do if something is really hammering the CPU with a heavy load.
Of course you lose all tabs open in a browser, and if your browser is set to re-open previous tabs you're back to square one.
Firefox will close the current tab or window if you hit CTRL+W. Though if the site has set up an OnClose event you might have a battle with it respawning some other annoying thing as it closes. Likewise, if it's pegging your CPU at 100% usage it can be hard to get control.
On 10/05/2023 09:15 PM, Tim via users wrote:
It's a pity there isn't a hotkey for killing just the frontmost/topmost program. ALT+F4 will close the top/front window, if they're obeying control, but I mean instantly killing the topmost window despite what it wants. There's a force quit taskbar app for that (on Mate, at least), click on it, then click on the window you want to kill. But that can be hard to do if something is really hammering the CPU with a heavy load.
Just install xkill and put an icon for it on your taskbar. It's DE agnostic and kills rogue windows just fine.
On Thu, 5 Oct 2023, Joe Zeff wrote:
On 10/05/2023 09:15 PM, Tim via users wrote:
It's a pity there isn't a hotkey for killing just the frontmost/topmost program. ALT+F4 will close the top/front window, if they're obeying control, but I mean instantly killing the topmost window despite what it wants. There's a force quit taskbar app for that (on Mate, at least), click on it, then click on the window you want to kill. But that can be hard to do if something is really hammering the CPU with a heavy load.
Just install xkill and put an icon for it on your taskbar. It's DE agnostic and kills rogue windows just fine.
That might work if I could get to it, but with the malware doing its thing, no go. I can delete just one tab if I disconnect from the internet. For now, that means disconnecting a cable, as I cannot use the network icon either. Hence the desire to keep malware from going fullscreen.
Also, disconnection might not work on a similar attack done with client-side scripting. In that case, I might have to directly kill a process. I can do that from another console, but do not know how to select the process of the rogue tab.
IIRC xkill kills an application, not necessarily a single process. For the most recent malware, that is overkill. To kill firefox, I might be able to use xkill started from another console. Using top and plain kill seems simpler.
BTW SIGSTOPping firefox did not work either. It quit talking to me, but would not leave fullscreen mode.
On 10/6/23 07:58, Michael Hennebry wrote:
On Thu, 5 Oct 2023, Joe Zeff wrote:
On 10/05/2023 09:15 PM, Tim via users wrote:
It's a pity there isn't a hotkey for killing just the frontmost/topmost program. ALT+F4 will close the top/front window, if they're obeying control, but I mean instantly killing the topmost window despite what it wants. There's a force quit taskbar app for that (on Mate, at least), click on it, then click on the window you want to kill. But that can be hard to do if something is really hammering the CPU with a heavy load.
Just install xkill and put an icon for it on your taskbar. It's DE agnostic and kills rogue windows just fine.
That might work if I could get to it, but with the malware doing its thing, no go. I can delete just one tab if I disconnect from the internet. For now, that means disconnecting a cable, as I cannot use the network icon either. Hence the desire to keep malware from going fullscreen.
Also, disconnection might not work on a similar attack done with client-side scripting. In that case, I might have to directly kill a process. I can do that from another console, but do not know how to select the process of the rogue tab.
What would happen if you disconnected from the network just long enough to change the settings on the browser to NOT open new pages in a tab but instead to do it the old-fashioned way: open new pages in their own window. You might be able to X the malware window or at least identify it with ps so you could manually kill it by PID.
On Fri, 6 Oct 2023, Mike Wright wrote:
What would happen if you disconnected from the network just long enough to change the settings on the browser to NOT open new pages in a tab but instead to do it the old-fashioned way: open new pages in their own window. You might be able to X the malware window or at least identify it with ps so you could manually kill it by PID.
As it is, if I disconnect from the network, I can remove the offending tab, but I have to play with wires. I'd rather not.
I am surprised that alt-tab does not switch to another app for you. I have used that to switch out of full screen applications and I would not expect firefox/malware to have any way to make the window be able to truly take over the screen.
In firefox about:config there are some options that might prevent full screen from hiding the window manager controls even in full screen. about:confg and search for fullscreen (browser.fullscreen.autohide defaults to true).
On Fri, Oct 6, 2023 at 3:50 PM Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Fri, 6 Oct 2023, Mike Wright wrote:
What would happen if you disconnected from the network just long enough to change the settings on the browser to NOT open new pages in a tab but instead to do it the old-fashioned way: open new pages in their own window. You might be able to X the malware window or at least identify it with ps so you could manually kill it by PID.
As it is, if I disconnect from the network, I can remove the offending tab, but I have to play with wires. I'd rather not.
-- Michael hennebry@mail.cs.ndsu.NoDak.edu "Occasionally irrational explanations are required" -- Luke Roman _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Fri, 6 Oct 2023, Roger Heflin wrote:
I am surprised that alt-tab does not switch to another app for you. I
If it happens again, I'll try it. I'd forgotten all about it. Do not rmember the last time I used it.
have used that to switch out of full screen applications and I would not expect firefox/malware to have any way to make the window be able to truly take over the screen.
keep a second firefox window open, alt-tab to it run about:performance and it will list out all of your tabs and you can X a specific tab.
Try about:performance I have to use it a lot to figure out which tab lost its mind and is slowing everything down because it decided it needs gb's of ram.
On Fri, Oct 6, 2023 at 4:05 PM Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Fri, 6 Oct 2023, Roger Heflin wrote:
I am surprised that alt-tab does not switch to another app for you. I
If it happens again, I'll try it. I'd forgotten all about it. Do not rmember the last time I used it.
have used that to switch out of full screen applications and I would not expect firefox/malware to have any way to make the window be able to truly take over the screen.
-- Michael hennebry@mail.cs.ndsu.NoDak.edu "Occasionally irrational explanations are required" -- Luke Roman _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Sat, 30 Sep 2023 09:18:59 -0500 (CDT) Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
Noscript was already installed nand active. It did not complain.
I'm not clear on what this means. The url window showed .cloudfront.net .
I already had noscript installed and it did not complain.
Then you have cloudfront.net whitelisted in noscript. The only way to block javascript is by having it turned off for a site when you first visit it. If you have it whitelisted, the javascript runs before you have a chance to intercept.
I do not have any of the cloud servers whitelisted. When a site comes up, if it isn't a site I've visited before, I check the list of third party sites that are blocked. If there is a cloud server site there, I usually click to temporarily allow it, if the site seems legitimate. Is this disruptive to smooth web browsing, does it take work / effort? Yes. But that is the nature of security. If you don't want to do this, then you need to install something like ublock-origin, that you can tune to specific websites. It also blocks javascript, but requires more effort because it is more fine grained (to specific site and even subdomains). So, more work up front, but then should do the right thing from then on. I don't visit so many unknown sites that I bother doing this.
Once the site was active,
The javascript has already run in order for the site to be active.
all I could click on was an always-on application that was already running. The site seemed to have made firefox fullscreen and turned off all its buttons.
Javascript is client-side, correct?
It is fetched from the web site and run client side if it has permission.
The problem went away after disabling networking.
I wonder if it was downloading the content of your computer that firefox had access to, maybe your history or your bookmarks, etc. Or maybe, it had set up the javascript to run continuously, downloading in a loop from its website. Any application monitoring the web connection could show this if it was allowed to run.
Is there a way to tell firefox never to let a website take it fullscreen? Failing that, is there a way to tell firefox to never go fullscreen at all?
I'm not aware of a way, but if you ask on the mozilla forums, there are some really knowledgeable people there who might know a way. There are a *lot* of settings in about:config, and without application knowledge it is really hard to tell what they actually do. As George said, this is not solving the problem though. The javascript might just ignore, or issue a warning, if it can't specify fullscreen.
I can't remember, were you able to bring up a console (Ctrl-Alt-[F2-F6])? If you could get to a console, you could use ps or top to see what is running and top or kill to kill applications (like firefox), iotop to see what web traffic is doing. Look in the journal, etc. My understanding is that javascript designed for guis can't run there, so you would not be blocked from any access.
On Sat, 30 Sep 2023 09:18:59 -0500 (CDT) Michael Hennebry hennebry@web.cs.ndsu.nodak.edu wrote:
On Wed, 27 Sep 2023, stan via users wrote:
On Tue, 26 Sep 2023 12:06:46 -0500 (CDT) I think it is done by running javascript through your version of firefox. Do you have noscript add-on installed? That will block any
Noscript was already installed nand active. It did not complain.
javascript from a site, and you will have to turn on the urls that you want to be able to run javascript. I'm not sure how effective that would be in this case, since cloudfront.net is often needed because many sites use it as their host. But, I expect that the problem url would show up differently in noscript, and you would be able to leave it disabled. Usually, cloudfront.net is disabled automatically for other urls. I'm not willing to test that expectation, for obvious reasons. :-)
I'm not clear on what this means. The url window showed .cloudfront.net .
You could test whether this is the solution by installing noscript, shutting down and restarting firefox to clear the cache of allowed sites (that is a setting in the privacy tab), and then visiting the site again. The site should be blocked, and you can click on the
I already had noscript installed and it did not complain.
noscript icon to see the list of urls that have been blocked from running javascript. If you want to experience the thrill again, you can allow javascript from the above problem address for confirmation. Then, turn it off, and the recovery is what you have already discovered.
Once the site was active, all I could click on was an always-on application that was already running. The site seemed to have made firefox fullscreen and turned off all its buttons.
Javascript is client-side, correct? The problem went away after disabling networking.
Is there a way to tell firefox never to let a website take it fullscreen? Failing that, is there a way to tell firefox to never go fullscreen at all?
An alternative that you could use when visiting dodgy sites is to use firefox profiles. It is as if you are running as a different user when you use one. /usr/bin/firefox --new-instance --ProfileManager will allow you to select, create, and delete profiles. You could create one called darkweb, that has everything locked down, and use it only for visiting dodgy sites. And even then, you could also use a container tab within it, so it is very restricted in its actions and access. Because these profiles are separate instances of firefox, you have to install all the add-ons and customizations for each one. Otherwise, you just get a default firefox instance.
I also use them in the opposite way, when I know a website is legitimate, I reduce the security for that site in that profile. On sites like youtube, this helps restrict tracking (a little) when going into the belly of the beast (Google).