You can spam popups and make Firefox crash and become unresponsive

RESOLVED DUPLICATE of bug 675574

Core
DOM

People

(Reporter: loofer, Unassigned)

Tracking

(Blocks: 1 bug, {csectype-dos})

53 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

I did a short JavaScript script in an HTML page which opens an endless amount of popups.


Actual results:

It opened endless popups and you can close them only with Task Manager. Firefox becomes laggy and it continues to open pages even when there is no internet connection.


Expected results:

It should ask me before every popup if I want to open it or at least detect that it's endless and warn me.
(Reporter)

Comment 1

a year ago
JS Code for example:
while(1==1){
    window.open("index.html","_blank","toolbar=yes,scrollbars=no,resizable=no,top=0,left=-100000,width=10,height=10");
}

Website for testing:

http://www.meshiman.tk

Updated

a year ago
Component: Security → DOM
DUPEME to the bug that says we should limit the number of window.open() calls allowed per user-click. Chrome limits to 1 I believe, but some other small number might be reasonable if legit sites pop open two or three (unlikely, these days).
Blocks: 432687
Group: core-security
Keywords: csectype-dos
(In reply to Daniel Veditz [:dveditz] from comment #2)
> DUPEME to the bug that says we should limit the number of window.open()
> calls allowed per user-click. Chrome limits to 1 I believe, but some other
> small number might be reasonable if legit sites pop open two or three
> (unlikely, these days).

I'm closing this as a dup. of bug 675574. Feel free to reopen, if I was reading the comment above wrong.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 675574
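
The mitigation discussed in the comments above, a cap on window.open() calls per user click, modelled as an added example (not code from the bug, from Firefox or from Chrome). PopupGate, maxPerGesture and activationMs are hypothetical names, and the 1000 ms activation window is an assumed value.

```javascript
// Model of a per-user-gesture popup budget. All names are hypothetical.
class PopupGate {
  constructor(openFn, { maxPerGesture = 1, activationMs = 1000, now = Date.now } = {}) {
    this.openFn = openFn;
    this.maxPerGesture = maxPerGesture;
    this.activationMs = activationMs;
    this.now = now;
    this.remaining = 0;   // opens still allowed for the current gesture
    this.expiresAt = 0;   // time after which the gesture no longer counts
    this.blocked = 0;     // attempts refused, useful for telemetry or a warning UI
  }
  // Call only from a trusted input handler (click, keydown): refills the budget.
  noteUserGesture() {
    this.remaining = this.maxPerGesture;
    this.expiresAt = this.now() + this.activationMs;
  }
  // Stand-in for window.open(): returns a handle, or null when the call is blocked.
  open(url, target, features) {
    if (this.remaining <= 0 || this.now() > this.expiresAt) {
      this.blocked++;
      return null;
    }
    this.remaining--;
    return this.openFn(url, target, features);
  }
}

// Constructed scenario: a page calls open() in a loop (bounded here so it ends).
function simulate(maxPerGesture, attempts) {
  let clock = 0;
  const opened = [];
  const gate = new PopupGate((url) => { opened.push(url); return { url }; },
    { maxPerGesture, activationMs: 1000, now: () => clock });
  const flood = () => {
    for (let i = 0; i < attempts; i++) gate.open("index.html", "_blank", "");
  };
  flood();                          // no gesture yet: every call is refused
  const beforeClick = opened.length;
  gate.noteUserGesture();
  flood();                          // one click: at most maxPerGesture succeed
  const afterClick = opened.length;
  gate.noteUserGesture();
  clock += 5000;                    // the gesture has gone stale
  gate.open("index.html", "_blank", "");
  return { beforeClick, afterClick, afterExpiry: opened.length, blocked: gate.blocked };
}
```

With a budget of 1, a 100-call loop opens one window after a click and none without one; the blocked counter is what a browser could surface to the user instead of the popups.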