### Security Approval Request * **How easily could an exploit be constructed based on the patch?**: Easy to construct a page to trigger the DOS. I kept the tests in the same commit too for now as this is rated sec-low, but please advise if we should land separately. * **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: Yes * **Which older supported branches are affected by this flaw?**: All of them * **If not all supported branches, which bug introduced the flaw?**: None * **Do you have backports for the affected branches?**: No * **If not, how different, hard to create, and risky will they be?**: Easy to create backports. Risk is low. * **How likely is this patch to cause regressions; how much testing does it need?**: Unlikely to cause regressions, but basic testing of popup prompts is required.
Bug 1701673 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
### Security Approval Request * **How easily could an exploit be constructed based on the patch?**: Easy to construct a page to trigger the DOS. I kept the tests in the same commit too for now as this is rated sec-low, but please advise if we should land separately. * **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: Yes, the sec-low DOS attack can likely be inferred from the patch. * **Which older supported branches are affected by this flaw?**: All of them * **If not all supported branches, which bug introduced the flaw?**: None * **Do you have backports for the affected branches?**: No * **If not, how different, hard to create, and risky will they be?**: Easy to create backports. Risk is low. * **How likely is this patch to cause regressions; how much testing does it need?**: Unlikely to cause regressions, but basic testing of popup prompts is required.