Status

Firefox
Untriaged
RESOLVED DUPLICATE of bug 380223
11 months ago
11 months ago

People

(Reporter: Dhiraj Mishra, Unassigned)

Tracking

50 Branch

Firefox Tracking Flags

(Not tracked)

Attachments

(1 attachment, 1 obsolete attachment)

929 bytes, text/html
(Reporter)

Description

11 months ago
Created attachment 8831091
dosme.html

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161208153507

Steps to reproduce:

Works for me on all OSes and various versions.

Steps to reproduce :

1. Open http://hackies.in/dosme.html
OR 
dosme.html attached below
Click - ClickMe 

Browser freezes up.
(Reporter)

Comment 1

11 months ago
Created attachment 8831096
updated_dosme.html

Please ignore the attached file; please use the updated file to reproduce:

Updated

11 months ago
Attachment #8831091 - Attachment is obsolete: true

Comment 2

11 months ago
The testcase has 3 nested loops which loop:

* 0x8964 (~35000 in decimal) times
* 3 times
* ~200-300 times (depending on the element) for the attributes

which means we call document.write with ~ 20-odd characters 35000 * 3 * 200 = 20,000,000 times.

Which means this is basically bug 380223 - you're looping through document.write and the loop increments slowly enough that you see a hang, rather than an OOM crash (which would happen if your loops were adding more elements (i.e. increasing memory usage) per iteration). Either way, still a dupe of 380223.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 380223