Closed Bug 1081971 Opened 11 years ago Closed 8 months ago

This script can make browser completely unresponsive and hangs it

Categories

(Core :: JavaScript: GC, defect)

26 Branch
x86
Linux
defect

RESOLVED WORKSFORME

People

(Reporter: infinityimagine111, Unassigned)

Details

(Keywords: csectype-dos, Whiteboard: DUPEME)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0
Build ID: 20131206151508

Steps to reproduce:

Hi,
Visiting a webpage where this JavaScript is embedded

<script>
document.location = 'data:text/html,\<script\>document.location += document.location + document.location\</script\>';
</script>

can crash all versions of Chrome on both Linux and Windows.

Actual results:

The browser completely hangs, consuming all memory. The script makes a high number of redirections, which Firefox is not capable of handling, and thus makes it completely unresponsive; the only option left is to force close the browser.

Expected results:

There must be some limitation from the browser, for example 100 redirections in a minute in a tab. Or, the tab that opened the page must only crash, not the whole browser.

This is a variation on the exponentially-growing-strings DoS. Sandboxing will limit the crash to the malicious tab.
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: csectype-dos
Whiteboard: DUPEME
Component: Untriaged → JavaScript: GC
Product: Firefox → Core
Severity: normal → S3

This seems to be blocked now.

Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → WORKSFORME