Closed
Bug 1167023
Opened 10 years ago
Closed 7 years ago
Site can lock up the browser
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 675574
People
(Reporter: sworddragon2, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-dos)
Attachments
(1 file, 2 obsolete files)
|
1.45 KB,
application/xhtml+xml
|
Details |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150513181056
Steps to reproduce:
1. Open the testcase in the attachments.
2. Click the button.
Actual results:
The site normally prevents to (there may be race conditions to get the control back):
- Closing all of its tabs.
- Closing the browser (except if the process gets terminated).
- Focusing the address bar.
- Switching to an own tab (for example to disable JavaScript in about:config).
- Opening the context menu in the document.
|
Reporter | |
Comment 1•10 years ago
|
||
Attachment #8608470 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 2•10 years ago
|
||
The testcase seems to not work here well so it must be downloaded and tested locally.
|
|
Reporter | |
Comment 3•10 years ago
|
||
Attachment #8608479 -
Attachment is obsolete: true
|
||
Comment 4•10 years ago
|
||
This is because the page calls window.open from a blur event and somehow the popup blocker does not block the resulting window open.
I actually really don't understand why, all I know is that it's making me kick myself for not fully investigating similar techniques used in bug 1116977. I wonder if this is also programmatically kicking off beforeunloads by closing popups, which then cause blur events, which then break stuff.
|
||
Updated•10 years ago
|
Blocks: eviltraps
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: csectype-dos
|
||
Comment 5•9 years ago
|
||
It is reproducible. I am changing the component.
If this component is not the right fit, please change to the appropriate one. Thanks
Component: Untriaged → Tracking
Product: Firefox → Core
QA Contact: chofmann
|
||
Updated•9 years ago
|
Component: Tracking → DOM: Security
QA Contact: chofmann
|
|
||
Updated•9 years ago
|
Component: DOM: Security → DOM
|
||
Comment 6•7 years ago
|
||
Triaging bugs at the moment. This one is an exact duplicate of the annoying window.open() reported within Bug 675574.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•