Closed Bug 1354168 Opened 7 years ago Closed 7 years ago

Maximum number of allowed pop-ups can be bypassed

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 675574

People

(Reporter: mail, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Proof of concept (three files)
54.62 KB, application/zip
Details 
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170323105023

Steps to reproduce:

The victim has to call JavaScript via a trusted event like a click on a button to show pop-up windows.


Actual results:

In case of a trusted event (e.g., click), we are able to open an arbitrary number of pop-up windows. Though "dom.popup_maximum" (about:config) has a maximum number of 20 pop-up windows, we can for example create 100 pop-up windows and thus flood the browser with an arbitrary number of windows.


Expected results:

There should be only allowed the defined number (20) of windows.
Please note that this could be used by the advertisement industry to bypass the pop-up blocker behavior. Furthermore, an attacker could simply annoy the user (long wait times until the browser responds/ many windows) by flooding his browser with windows (with pop-ups or tabs).
I'm pretty sure we have a dupe on this
Blocks: eviltraps
Group: firefox-core-security
Whiteboard: DUPEME
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: