Closed Bug 1313918 Opened 8 years ago Closed 8 years ago

Dependency of JavaScript objects is mis-configured.

Categories

(Firefox :: Untriaged, defect)

49 Branch
defect
Not set
normal

RESOLVED DUPLICATE of bug 1263100

People

(Reporter: mishra.dhiraj95, Unassigned)

Attachments

(1 file)

Attached file POC-JS-Mozilla.zip
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Build ID: 20161025170400
Firefox for Android

Steps to reproduce:

Hey Team,

The bug I want to mention here is a denial of service attack that will not allow any kind of redirection on a page crafted by an attacker where we have used hyper-links (a href).
The bug can be maliciously used by an attacker crafting an HTML file and then sending it to the victim, clearly showing through the status bar that there is a hyper-link that redirects to, let's say, google.com, but it will not; instead it causes denial of service, and the browser might also hang.

Reason:
The following script stops the page from being redirected:
    window.onbeforeunload = function(){
        // Unredirectable page
        setTimeout("window.location=document.location;",0);
    }

Demo URL: hackies.in/Unredirect-Browsers-Test.html --> I have hosted the script.


Actual results:

Expected results:
It should redirect me to the new page.


Expected results:

I have tested it in the Firefox iOS browser, where redirection is occurring.
So the dependency of JavaScript objects (window.document) on the href attribute should not be there.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
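
For triaging pages that show the behaviour reported above, a heuristic scan for a beforeunload handler that schedules a navigation from a timer. This is an added example, not code from the report or from Firefox; the function names and the sample pages other than the reported snippet are constructed for illustration.

```javascript
// Added example, not code from the bug report; names are hypothetical. Heuristic only.
const HANDLER_START =
  /\bonbeforeunload\s*=|addEventListener\s*\(\s*['"]beforeunload['"]/g;
const TIMER = /\bset(?:Timeout|Interval)\s*\(/;
const NAVIGATION =
  /\blocation\s*(?:\.\s*href\s*)?=[^=]|\blocation\s*\.\s*(?:assign|replace|reload)\s*\(/;

// Return the first balanced {...} block at or after `from` (the handler body).
// Limitation: braces inside strings and comments are counted too.
function blockAfter(src, from) {
  const open = src.indexOf('{', from);
  if (open === -1) return '';
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === '{') depth++;
    else if (src[i] === '}' && --depth === 0) return src.slice(open, i + 1);
  }
  return src.slice(open); // unbalanced input: scan to the end
}

// Report each beforeunload handler whose body both starts a timer and navigates.
function findUnloadRenavigation(src) {
  const hits = [];
  for (const m of src.matchAll(HANDLER_START)) {
    const body = blockAfter(src, m.index);
    if (TIMER.test(body) && NAVIGATION.test(body)) {
      hits.push({ line: src.slice(0, m.index).split('\n').length, body });
    }
  }
  return hits;
}

// Constructed samples: the reported pattern, a listener variant, and two benign pages.
const REPORTED = [
  'window.onbeforeunload = function(){',
  '  setTimeout("window.location=document.location;",0);',
  '}',
].join('\n');
const LISTENER = [
  'var ready = true;',
  "window.addEventListener('beforeunload', () => {",
  '  setTimeout(() => location.reload(), 0);',
  '});',
].join('\n');
const UNSAVED_PROMPT =
  "window.addEventListener('beforeunload', function (e) { e.returnValue = ''; });";
const DELAYED_REDIRECT = "setTimeout(function () { location.href = '/next'; }, 5000);";
for (const [name, src] of Object.entries({ REPORTED, LISTENER, UNSAVED_PROMPT, DELAYED_REDIRECT }))
  console.log(name, findUnloadRenavigation(src).map((h) => h.line));
```

The ordinary unsaved-changes prompt and a plain delayed redirect are not flagged, because the check requires the timer and the navigation to sit inside the unload handler itself.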