Closed Bug 1334439 Opened 7 years ago Closed 7 years ago

Denial of Service

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
50 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 380223

People

(Reporter: mishra.dhiraj95, Unassigned)

Details

Attachments

(1 file, 1 obsolete file)

updated_dosme.html
929 bytes, text/html
Details
Attached file dosme.html (obsolete) — 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161208153507

Steps to reproduce:

Works for me in All OS and various versions.

Steps to reproduce :

1. Open http://hackies.in/dosme.html
OR 
dosme.html attached below
Click - ClickMe 

Browser freeze ups.
Attached file updated_dosme.html 
Please ignore the attached file please use updated file for reproduce:
Attachment #8831091 - Attachment is obsolete: true
The testcase has 3 nested loops which loop:

* 0x8964 (~35000 in decimal) times
* 3 times
* ~200-300 times (depending on the element) for the attributes

which means we call document.write with ~ 20-odd characters 35000 * 3 * 200 = 20,000,000 times.

Which means this is basically bug 380223 - you're looping through document.write and the loop increments slowly enough that you see a hang, rather than an OOM crash (which would happen if your loops were adding more elements (ie increasing memory usage) per iteration). Either way, still a dupe of 380223.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: