Closed
Bug 1180976
Opened 9 years ago
Closed 9 years ago
misuse of window.history.go() can result in denial-of-service/crash
Categories
(Core :: DOM: Core & HTML, defect)
RESOLVED
INCOMPLETE
People
(Reporter: zimoshe, Unassigned, NeedInfo)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-dos, stackwanted, testcase)
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
Steps to reproduce:
1. run firefox.exe
2. put in the address bar:
data:text/html,<h1>helll...p</h1><script type="text/javascript">window.history.go()</script>
(can be achieved by making an HTML page with <a href=... too)
Actual results:
Firefox continuously reloading, fully locked down; consumption is up to 50% CPU, but it is still enough to lock the window as a whole, and an deterministic (as of now) crash from time to time.
Expected results:
handling history.go() w/ no params properly; rapid reload mitigation
Updated•9 years ago
Component: Untriaged → DOM
Product: Firefox → Core
Comment 1•9 years ago
history.go() with no parameters is the same thing as location.reload().
Doing a bunch of location.reload() will in fact chew up CPU (in all browsers, last I checked; for example in Chrome it prevents even opening the developer tools on the page) but certainly shouldn't cause crashes. Do you have the incident IDs from about:crashes?
Flags: needinfo?(zimoshe)
Unlimited reload works fine in 47.0a1 (2016-02-08) Win10.
Status: NEW → UNCONFIRMED
Ever confirmed: false
Summary: misuse of window.history can result in denial-of-service/crash → misuse of window.history.go() can result in denial-of-service/crash
Comment 3•9 years ago
Considering needinfo was set 7 months ago -> incomplete. We can reopen if/when we have more details.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
Updated•6 years ago
Component: DOM → DOM: Core & HTML