1313919 - Dependency of JavaScript objects is mis-configured.

Status: RESOLVED DUPLICATE of bug 1263100

(Firefox for Android Graveyard :: General, defect)

Description

[Dhiraj Mishra]

Attachment: POC_JS_Android.zip

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Build ID: 20161025170400

Steps to reproduce:

Hey Team , 

The bug i want to mention here is a denial of service attack that will not allow any kind of redirection on a page crafted by attacker where we have used hyper-links(ahref). 
The bug can be maliciously used by crafting an HTML file by an attacker and then sending it to the victim clearly showing there is a hyper-link that redirects to lets say (google.com) through status bar but it will not , instead cause denial of service , browser might also hang up. 
I have tested it on the Very Lasted Version of the Mozilla from Android attached screen shot for References 

Reason:
The following script stops the page from being redirected:
window.onbeforeunload = function(){
//Unredirectable Page
setTimeout("window.location=document.location;",0);
}

Demo URL : http://hackies.in/Unredirect-Browsers-Test.html --> I have hosted the Script.


Actual results:

It should redirect me to the new page , where as it don't redirect to a new page and the browsers Hangs up.


Expected results:

I have tested it in Firefox iOS Browser where redirection is occurring.
So dependency of JavaScript objects(window.document) on Href attribute should not be there.
Attached POC for References

Comment 1

[:Gijs (he/him)]

This is gecko code, so no point having two bugs.