Bug 1312836 - browser takeover/denial of service via data URI and HTTP authentication dialog
Status: RESOLVED DUPLICATE of bug 1312243
Product: Core
Classification: Components
Component: Security
Version: unspecified
Platform: Unspecified Unspecified
Importance: -- major
Target Milestone: ---
Assigned To: Nobody; OK to take it and work on it
: Wennie
Mentors:
Depends on:
Blocks:
Reported: 2016-10-25 11:58 PDT by Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail)
Modified: 2016-10-26 08:54 PDT (History)
2 users
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Attachments
site image (502.95 KB, image/png), 2016-10-25 11:58 PDT, Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail)
takeover.txt (102.15 KB, text/plain), 2016-10-25 11:58 PDT, Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail)
takeover-decoded.txt (76.59 KB, text/plain), 2016-10-25 11:58 PDT, Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail)

Description: Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail) 2016-10-25 11:58:26 PDT
Created attachment 8804397 [details]
site image

This has started making the rounds... this site creates a ton of HTTP auth dialogs via iframes, which we display as modal dialogs on Windows.  This locks you entirely out of your browser; you can't even right-click close it on the task bar -- need to kill the process.  They also seem to constantly reload the URL that's requesting the auth, and we queue up each of those auth requests so that you get a constant stream of "Authentication Required" dialogs.  If you wait it out it seems to stop eventually, but only after cancelling a few dialogs.

I've attached the data URI and the decoded contents here.

Sample URL that redirects you to this data URL: hxxp://git.believinghx.bid/?id=KzEgKDg4OCkgMjY0LTg2MTY
Comment 1: Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail) 2016-10-25 11:58:43 PDT
Created attachment 8804398 [details]
takeover.txt
Comment 2: Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail) 2016-10-25 11:58:58 PDT
Created attachment 8804399 [details]
takeover-decoded.txt
Comment 3: Vladimir Vukicevic [:vlad] [:vladv] (not actively reading bugmail) 2016-10-25 12:00:45 PDT
Note -- Chrome is not affected because their auth dialogs are not modal.  Going to the URL returns a different URL on Chrome, that just pops up an alert() with spew about "There was a dangerous try blah blah blah".  It keeps popping up the alert() [which is modal, still?!], but you can set "prevent this site from creating additional dialogs" and close the tab.
Comment 4: :Gijs 2016-10-26 06:48:17 PDT
*** This bug has been marked as a duplicate of bug 1312243 ***