Closed Bug 1361047 Opened 7 years ago Closed 3 years ago

System Crash (DoS) due to Mozilla Firefox Browser

Categories

(Core Graveyard :: Plug-ins, defect, P5)

52 Branch
defect

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mohdaqeelasif, Unassigned)

Details

(Keywords: csectype-dos)

Attachments

(1 file)

1.03 KB, application/x-shockwave-flash
Attached file CS.swf
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170417065206

Steps to reproduce:

1. Install and setup XAMPP
2. Upload CS.SWF file to XAMPP htdocs folder (check attachments)
3. Browse to CS.SWF file and embed ?js=alert(/Bang/);// parameter to it
http://localhost/CS.SWF?js=alert(/Bang/);//
4. Now observe that resource utilization increases rapidly and the system would crash


Actual results:

When "CS.SWF" flash files are getting executed in the Firefox browser, a process called "Plugin Container for Firefox" is being created and starts consuming more resources than it should, resulting in a system crash.
Group: firefox-core-security → core-security
Component: Untriaged → Plug-ins
Product: Firefox → Core
It's pretty easy to create pages that will consume the entire system, and so we don't treat those as security issues which need to be hidden. I will keep this bug open, but I suggest that it's probably more appropriate to file this with Adobe, since it's the Adobe Flash plugin that's actually the problem in this case.
Group: core-security
Keywords: csectype-dos
Priority: -- → P5
Resolving as won't fix, plugin support deprecated in Firefox 85.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard