Closed Bug 1312836 Opened 8 years ago Closed 8 years ago

browser takeover/denial of service via data URI and HTTP authentication dialog

Categories

(Core :: Security, defect)

defect
Not set
major

RESOLVED DUPLICATE of bug 1312243

People

(Reporter: vlad, Unassigned)

Attachments

(3 files)

Attached image site image
This has started making the rounds... this site creates a ton of HTTP auth dialogs via iframes, which we display as modal dialogs on Windows. This locks you entirely out of your browser; you can't even right-click close it on the task bar -- need to kill the process. They also seem to constantly reload the URL that's requesting the auth, and we queue up each of those auth requests so that you get a constant stream of "Authentication Required" dialogs. If you wait it out it seems to stop eventually, but only after cancelling a few dialogs. I've attached the data URI and the decoded contents here. Sample URL that redirects you to this data URL: hxxp://git.believinghx.bid/?id=KzEgKDg4OCkgMjY0LTg2MTY
Note -- Chrome is not affected because their auth dialogs are not modal. Going to the URL returns a different URL on chrome, that just pops up an alert() with spew about "There was a dangerous try blah blah blah". It keeps popping up the alert() [which is modal, still?!], but you can set "prevent this site from creating additional dialogs" and close the tab.
See Also: → CVE-2017-5419
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE