Open
Bug 1077089
Opened 11 years ago
Updated 3 years ago
EventSource in JS can be flooded and Firefox totally freezes
Categories
(Core :: DOM: Core & HTML, defect, P5)
Tracking
()
UNCONFIRMED
People
(Reporter: bug, Unassigned)
Details
(Keywords: csectype-dos)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140925003805
Steps to reproduce:
I wrote a PHP Script which infinitely sends Server Sent Events to the Client.
The client should append my message to the body.
Client freezes almost immediately.
Actual results:
Firefox totally freezes. Can only be reset by process killing.
Expected results:
The JavaScript-Engine should stop receiving messages.
Updated•11 years ago
Component: JavaScript Engine → DOM
Does the browser crash or just become unresponsive?
Can you attach the PHP script so we can use it as a test case?
Flags: needinfo?(bug)
Comment 2•11 years ago
> The JavaScript-Engine should stop receiving messages.
Why?
How is this different from just having a script that appends stuff to the body in a loop?
Hey,
to provoke the failure I used the following script:
<?php
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
while(true) {
    echo "id: 1" . PHP_EOL;
    echo "data: ". time() . PHP_EOL;
    echo PHP_EOL;
    ob_flush();
    flush();
}
?>
The JavaScript is the normal
var source = new EventSource('./yourScript.php');
source.onmessage = function(e) {
    // Every message re-serializes and re-parses the whole body.
    document.body.innerHTML += e.data + '<br>';
};
It is different from appending stuff to the body from a JavaScript-Loop in that your browser automatically slows the JavaScript down when it cannot handle all the appending (I've tried that without any influence on the overall performance).
But when it is flooded from the web via Server Sent Events, it seems to handle that differently.
I tried it with Firefox under Arch Linux and Windows Vista. Both seem to be vulnerable. When I use Chrome for it (even on my smartphone) it stops executing the Script.
Flags: needinfo?(bug)
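A bounded alternative to the `onmessage` handler in the comment above, as an added example that is not part of the bug report or of Firefox's code: it batches messages into one render per frame, caps the retained lines, and closes the stream when the message rate exceeds a limit. It only bounds the work the page's own handler does; the names `createBoundedSink`, `maxLines`, `maxPerWindow`, `windowMs` and the `log` element id are assumptions.

```javascript
// Added example: rate-limited, batched sink for EventSource messages.
// All names and default limits below are hypothetical, chosen for illustration.
function createBoundedSink({ render, close, schedule, now = Date.now,
                             maxLines = 200, maxPerWindow = 500, windowMs = 1000 }) {
  let pending = [];                       // messages received since the last flush
  let lines = [];                         // bounded history handed to render()
  let windowStart = now(), seenInWindow = 0;
  let flushQueued = false, closed = false;

  function flush() {
    flushQueued = false;
    // Keep only the newest maxLines entries so memory and DOM size stay bounded.
    lines = lines.concat(pending).slice(-maxLines);
    pending = [];
    render(lines);
  }

  return {
    onmessage(e) {
      if (closed) return;
      const t = now();
      if (t - windowStart >= windowMs) { windowStart = t; seenInWindow = 0; }
      if (++seenInWindow > maxPerWindow) {
        // The server sends faster than we are willing to process: disconnect.
        closed = true;
        close();
        return;
      }
      pending.push(String(e.data));
      if (pending.length > maxLines) pending.shift();   // drop oldest unrendered
      if (!flushQueued) { flushQueued = true; schedule(flush); }
    },
    isClosed: () => closed,
  };
}

// Browser wiring (skipped outside a browser; assumes an element with id "log").
if (typeof document !== 'undefined' && typeof EventSource !== 'undefined') {
  const source = new EventSource('./yourScript.php');
  const log = document.getElementById('log');
  const sink = createBoundedSink({
    render: (lines) => { log.textContent = lines.join('\n'); }, // no HTML re-parse
    close: () => source.close(),
    schedule: (fn) => requestAnimationFrame(fn),
  });
  source.onmessage = sink.onmessage;
}
```
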
Updated•11 years ago
Group: core-security
Keywords: csectype-dos
Comment 4•7 years ago
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046
Move all DOM bugs that haven’t been updated in more than 3 years and have no one currently assigned to P5.
If you have questions, please contact :mdaly.
Priority: -- → P5
Updated•7 years ago
Component: DOM → DOM: Core & HTML
Updated•3 years ago
Severity: normal → S3