Open Bug 1361653 Opened 4 years ago Updated 2 years ago
Opening tel: links in an infinite loop slows down Firefox for Android
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 Steps to reproduce: 1.Open the site https://laraweron.mysit.ru/dos23.html 2.If problems occur, restart your phone. Actual results: The browser opens the link of tel:999, trying to call the number. This function is placed in an infinite loop, because of this the browser constantly opens the link. Expected results: Attention before testing, close all important applications.
Tested in Firefox, 53. The browser opens an infinite number of Windows, filling all the memory
Summary: Infinite cycle. (Dos) In OS Android → Infinite cycle. (Dos) OC Andriod and Windows
tel: on Android is maybe a new wrinkle, but this type of DOS is known and doesn't need to be hidden.
On Android 7.2 with an Nexus 5x this gets the phone laggy but does not crash the OS or Firefox in 5 min. I was eventually able to swipe close Firefox / Dialer apps. Not auto launching tel: sms: mms: seems sensible.
OS: Unspecified → Android
Priority: -- → P3
Hardware: Unspecified → All
The bug is publicly available and can cause inconvenience to users, please correct this vulnerability.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Infinite cycle. (Dos) OC Andriod and Windows → Opening tel: links in an infinite loop slows down Firefox for Android
How are these links opened? By click? By iframe? The demo page is not available anymore. A couple of comments: - if the tel: URLs are opened via iframes, these is not possible anymore because of 167475. - if the page simulates a click on a anchor element, we could use the popup blocker algorithm. I need more data to know how to proceed. Thanks.
You need to log in before you can comment on or make changes to this bug.