Open Bug 1361653 Opened 7 years ago Updated 1 month ago

Opening tel: links in an infinite loop slows down Firefox for Android

Categories

(Core :: DOM: Navigation, defect, P3)

54 Branch
All
Android
defect

People

(Reporter: Laraweron, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-dos, Whiteboard: [sg:dos])

User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

Steps to reproduce:

1. Open the site https://laraweron.mysit.ru/dos23.html
2. If problems occur, restart your phone.


Actual results:

The browser opens the link of tel:999, trying to call the number. This function is placed in an infinite loop, because of this the browser constantly opens the link.


Expected results:

Attention before testing, close all important applications.
Tested in Firefox, 53.
The browser opens an infinite number of Windows, filling all the memory
Summary: Infinite cycle. (Dos) In OS Android → Infinite cycle. (Dos) OC Andriod and Windows
tel: on Android is maybe a new wrinkle, but this type of DOS is known and doesn't need to be hidden.
Blocks: eviltraps
Group: firefox-core-security
Component: General → Document Navigation
Keywords: csectype-dos
Product: Firefox for Android → Core
Whiteboard: [sg:dos]
On Android 7.2 with a Nexus 5x this gets the phone laggy but does not crash the OS or Firefox in 5 min. I was eventually able to swipe close Firefox / Dialer apps. Not auto launching tel: sms: mms: seems sensible.
OS: Unspecified → Android
Priority: -- → P3
Hardware: Unspecified → All
The bug is publicly available and can cause inconvenience to users, please correct this vulnerability.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Infinite cycle. (Dos) OC Andriod and Windows → Opening tel: links in an infinite loop slows down Firefox for Android
How are these links opened? By click? By iframe? The demo page is not available anymore.

A couple of comments:

- if the tel: URLs are opened via iframes, this is not possible anymore because of 167475.
- if the page simulates a click on an anchor element, we could use the popup blocker algorithm.

I need more data to know how to proceed. Thanks.
Flags: needinfo?(Laraweron)
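
The two mitigations raised in this thread (not auto-launching tel: sms: mms:, and applying popup-blocker logic to script-simulated clicks) can be modelled as a gate that requires one unconsumed user gesture per external launch. This is an added sketch, not Firefox code and not part of any comment here; the class name, the 5-second window and the event objects are assumptions made for illustration.

```javascript
// Simplified model of a popup-blocker-style gate for external-protocol links.
// All names (ExternalProtocolGate, ACTIVATION_WINDOW_MS, replayLoop) are hypothetical.
const EXTERNAL_SCHEMES = new Set(['tel:', 'sms:', 'mms:']);
const ACTIVATION_WINDOW_MS = 5000; // assumed lifetime of one user gesture

class ExternalProtocolGate {
  constructor() {
    this.activatedAt = null; // time of the last unconsumed trusted gesture
  }

  // Called for every input event; only trusted (user-generated) events count.
  // Script-dispatched events such as link.click() have isTrusted === false.
  noteEvent(event, now) {
    if (event.isTrusted) this.activatedAt = now;
  }

  // Decide whether a navigation may be handed to an external handler.
  shouldLaunch(href, now) {
    let scheme;
    try {
      scheme = new URL(href).protocol;
    } catch {
      return false; // unparsable URL: never hand it to the OS
    }
    if (!EXTERNAL_SCHEMES.has(scheme)) return true; // outside this gate's scope
    const active = this.activatedAt !== null &&
                   now - this.activatedAt <= ACTIVATION_WINDOW_MS;
    if (!active) return false;
    this.activatedAt = null; // consume: one gesture allows one launch
    return true;
  }
}

// Constructed scenario: a scripted click loop replayed against the gate.
// Returns how many tel: launches would reach the dialer.
function replayLoop(gate, iterations, userTapFirst) {
  let launched = 0;
  let now = 1000;
  if (userTapFirst) gate.noteEvent({ isTrusted: true }, now);
  for (let i = 1; i < iterations; i++) {
    gate.noteEvent({ isTrusted: false }, now); // synthetic click from script
    if (gate.shouldLaunch('tel:999', now)) launched++;
    now += 1;
  }
  return launched;
}
```

With no user gesture the loop produces zero launches; with one real tap it produces exactly one, because the gesture is consumed by the first launch.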

(In reply to Andrea Marchesini [:baku] from comment #5)

How are these links opened? By click? By iframe? The demo page is not
available anymore.

A couple of comments:

  • if the tel: URLs are opened via iframes, this is not possible anymore because of
  • if the page simulates a click on an anchor element, we could use
    the popup blocker algorithm.

I need more data to know how to proceed. Thanks.

Hello,
As you asked, I am posting a working version of the code. The bug is still faulty

<html>
<body>
<script>
for(i=1;i<100000;i++){
var link = document.createElement('a');
link.href ='tel:999';
document.body.appendChild(link);
link.click();
}
</script>
</body>
</html>

Flags: needinfo?(Laraweron)
Severity: normal → S3
See Also: → 1106944