1311596 - DOS in browser using window.print() function

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect, P3)

Description

[shankar]

Attachment: dos_firefox.mp4

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
Build ID: 20160922113459

Steps to reproduce:

1.Save the below script as html file 

 <html>
<title>DoS</title>
<script>
function test(){
window.onerror=new Function(history.go(window.open(window.print())));
}
 
test();
</script>
</html>

2.Open the html file in firefox browser



Actual results:

Print window will appear again and again causing dos


Expected results:

We should limit the times window.print can happen

Comment 2

[shankar]

Hi,
 marked by bug #1311596 as duplicate of #1311670
Which one is latest? i see that my report id is earlier than you mentioned id,
COuld you confirm

Comment 3

[Daniel Veditz [:dveditz]]

This is a Denial of Service attack. Since the testcase is identical to bug 1311670 (not just the same problem, but the same PoC code) I assume this must be public on a formum somewhere.

Comment 6

[Paul Zühlcke [:pbz]]

Looking into (window) modal prompts I've rediscovered this. While the main print dialog seems to have rate limit logic, the print error messages do not. When window.print() is spammed in a simple while loop these error prompts stack and steal main window focus.

Could be abused similar to Bug 1571003.

PoC here: https://eviltrap. site/trap/print-dialog-dos/ (careful, this will DoS your browser)

Comment 7

[:Gijs (he/him)]

Paul, did this get solved by tab-modal printing?

Comment 8

[Paul Zühlcke [:pbz]]

Yes, should be fixed. I can't reproduce the issue anymore with the PoC from comment 6. Users can simply close the tab now when a site spams window.print.