Firefox Remote Denial Of Service attack using extremely long filenames

RESOLVED DUPLICATE of bug 1438214

Status

()

RESOLVED DUPLICATE of bug 1438214
6 months ago
5 months ago

People

(Reporter: pwnsdx, Unassigned)

Tracking

64 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Steps to reproduce:

You can try it @ https://reaperbugs.com/
Source: https://gist.github.com/pwnsdx/d20a99c0500d6f05993ef730bef26746


Actual results:

Repeatedly prompt the user to download file that contains enormous filename will hang the main process.


Expected results:

Behavior for download prompts should be more like Chrome where it seems to handle those cases with ease. Preventing websites to download more than one file unless the user say so is probably the way to go. Truncation / rejection of long filename would also be nice to have.
Group: firefox-core-security

Updated

6 months ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1306334

Comment 2

6 months ago
Maybe there's something we can do about the parent process hang due to the long filenames before we fix the dos with multiple downloads.
Group: firefox-core-security
Status: RESOLVED → REOPENED
Component: Untriaged → File Handling
Ever confirmed: true
Flags: needinfo?(paolo.mozmail)
Resolution: DUPLICATE → ---
Summary: Firefox Remote Denial Of Service attack → Firefox Remote Denial Of Service attack using extremely long filenames
Isn't this just because of the blob URL handling? If so, we can probably dupe it to bug 1438214.

Comment 4

6 months ago
(In reply to Johann Hofmann [:johannh] from comment #3)
> Isn't this just because of the blob URL handling? If so, we can probably
> dupe it to bug 1438214.

Oh, I missed that. Yeah, thanks. That bug needs an owner...
Group: firefox-core-security
Status: REOPENED → RESOLVED
Last Resolved: 6 months ago6 months ago
Flags: needinfo?(paolo.mozmail)
Resolution: --- → DUPLICATE
Duplicate of bug: 1438214
(In reply to Sabri from comment #0)
> Preventing websites to download more than one file unless the user say so is probably the way to go.

The download spam prevention project is relevant, see bug 1306334.
You need to log in before you can comment on or make changes to this bug.