Closed Bug 1892803 Opened 1 years ago Closed 1 year ago

Redirected Yahoo Finance links cause Firefox to slow down (yimg script)

Categories

(Web Compatibility :: Site Reports, defect, P1)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect

Tracking

(firefox126 affected, firefox127 affected, firefox128 affected)

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox126 --- affected
firefox127 --- affected
firefox128 --- affected

People

(Reporter: rccall, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(4 keywords, Whiteboard: [webcompat:sightline])

User Story

platform:windows,mac,linux
impact:workflow-broken
configuration:general
affects:all
branch:release

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0

Steps to reproduce:

  1. Search for "<ticker symbol> stock quote yahoo", where <ticker symbol> is a valid stock ticker; e.g., "DEO stock quote yahoo" -- on Google, Bing, or DuckDuckGo
  2. Click on a link that goes to finance.yahoo.com

I have tried these steps in a new Firefox profile, in a private window, and following an uninstall/reinstall of FF with deletion of the Program Files folder in between. Further information about the steps I've taken to remedy this problem are available here:
https://support.mozilla.org/en-US/questions/1445005
You can also find there some diagnostic information that I submitted through FF.

The following things also did not resolve the problem:

  • Turning off Enhanced Tracking protection
  • Using Troubleshoot mode
  • Clearing cache and cookies

The following URLs are search engine links that cause FF to exhibit this behavior (using "DEO" as the ticker symbol -- although any other ticker symbol will generate similar URLs that cause the behavior):

Google search: https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://finance.yahoo.com/quote/DEO/&ved=2ahUKEwiZ-9y6zdaFAxXLF1kFHXNtDLIQFnoECB0QAQ&usg=AOvVaw0zvKHp1oKDKOeJESuePEqK

Bing search: https://www.bing.com/ck/a?!&&p=ac244f0140d3993aJmltdHM9MTcxMzc0NDAwMCZpZ3VpZD0yOWYxYTkwMy1hMjgxLTYxN2UtMWIxYS1iYTRlYTY4MTZmMjkmaW5zaWQ9NTE5OQ&ptn=3&ver=2&hsh=3&fclid=29f1a903-a281-617e-1b1a-ba4ea6816f29&psq=deo+stock+quote+yahoo&u=a1aHR0cHM6Ly9maW5hbmNlLnlhaG9vLmNvbS9xdW90ZS9ERU8&ntb=1

DuckDuckGo search: https://finance.yahoo.com/quote/DEO

It's especially interesting to note that the DuckDuckGo link seems to contain no extraneous information in the URL; nonetheless, clicking the URL from the search results page in FF reproduces the bug, while copying the URL and pasting it into a new FF tab does not.

Actual results:

On the resulting page, the graph representing the stock price over time will be blank except for a message that says "Loading chart for <ticker symbol>". That graph will never get populated.

Furthermore, Firefox functionality will be "broken"; for example, the "report a broken site" dialog will be unavailable (trying to submit the report does nothing); and right-clicking on the page will not bring up the right-click menu. Ctrl-shift-S does nothing, ctrl-reload results in a blank page, and the Web Console cannot be accessed (ctrl-shift-K does nothing; the Web Developer tools menu displays a black box).

Expected results:

The page should have been displayed with a populated graph, and the "report broken site" dialog should have been available; also, the Web Console should have been accessible.

The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Privacy: Anti-Tracking
Product: Firefox → Core
Component: Privacy: Anti-Tracking → Untriaged
Product: Core → Firefox

Reduced STR:

  1. Open a new tab and load https://www.google.com/url?sa=t&source=web&url=https://finance.yahoo.com/quote/DEO and continue throught the redirect
  2. If the chart is loaded, redo step 1
  3. Wait a bit -> Browser is slowing down, script issues -> stop script
  4. Check dev console.

Actual Result:

Expected Result:
Yahoo finance page loads the same regardless if the page was redirected or loaded directly.

Tentatively triaging this to newtworking, @Valentin, could you please take a look and advise/confirm if this is a CORS problem?

Severity: -- → S3
status-firefox126: --- → affected
status-firefox127: --- → affected
status-firefox128: --- → affected
Component: Untriaged → Networking
Flags: needinfo?(valentin.gosu)
Keywords: hang
Product: Firefox → Core
Summary: Firefox improperly renders Yahoo Finance quote pages reached through search engine links → Redirected Yahoo Finance links cause Firefox to slow down (yimng script)
Version: Firefox 125 → Trunk
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Redirected Yahoo Finance links cause Firefox to slow down (yimng script) → Redirected Yahoo Finance links cause Firefox to slow down (yimg script)

Trying to debug the hanging tab shows this stack trace:

r_C$Gav (https://s.yimg.com/uc/finance/cosaic/js/chartiq.3120ae4c09da7892a808.js#2)
F1g (https://s.yimg.com/uc/finance/cosaic/js/chartiq.3120ae4c09da7892a808.js#2)
a (https://s.yimg.com/uc/finance/cosaic/js/chartiq.3120ae4c09da7892a808.js#2)
a (https://s.yimg.com/uc/finance/cosaic/js/chartiq.3120ae4c09da7892a808.js#2)
createDataSet (https://s.yimg.com/uc/finance/cosaic/js/chartiq.3120ae4c09da7892a808.js#2)
setTimeZone (https://s.yimg.com/uc/finance/cosaic/js/chartiq.3120ae4c09da7892a808.js#2)
loadChart (https://s.yimg.com/uc/finance/cosaic/js/common-756fe656.87e597e61b674ef2cbb4.js#2)

The hanging function is:

      n[511246] = function () {
        for (; ; ) return {
          r_C$Gav: function () {
            for (var e = 2; 1 !== e; ) if (2 === e) e = 2
          }
        }
      }(),

It seems to me that there's no way to exit the for loop.

The question is what makes the code be called - unfortunately I couldn't figure out the call stack.
Here's a profile for this issue. https://share.firefox.dev/3RguxKy
I think we should contact the website regarding this issue.

I'll try to do a mozregression to find out if this is related to anything we've changed, but I think ultimately this is a website bug.

Component: Networking → Site Reports
Flags: needinfo?(valentin.gosu)
Product: Core → Web Compatibility
Severity: S3 → --
URL: https://finance.yahoo.com/
Severity: -- → S2
User Story: (updated)
Keywords: webcompat:needs-diagnosis
Priority: -- → P1

I think this is caused by Firefox not implementing location.ancestorOrigins

I figured this out by using mitmproxy to inject a version of the chartiq that was instrumented for coverage.

You can see a clear divergence here:
https://jrmuizel-stuff.netlify.app/yahoo-finance-coverage/chrome-coverage/chartiq.8bcd08e28af29c3ab35a-unminify.js#L11434
https://jrmuizel-stuff.netlify.app/yahoo-finance-coverage/ff-coverage/chartiq.8bcd08e28af29c3ab35a-unminify.js#L11434'

c[m][d] from if (X = c[m][d]) { is doing location.ancestorOrigins which is failing in Firefox causing us to go down the else branch and set U which causes us to call into F1g and r_C$Gav

No longer blocks: 1085214
Depends on: 1085214

I can't seem to reproduce the slow script warning. Does this still reproduce for anyone?

Flags: needinfo?(jmuizelaar)
Flags: needinfo?(aflorinescu)

Yeah, it doesn't reproduce for me anymore.

Flags: needinfo?(jmuizelaar)

OK, then let's close this for now. But if it still reproduces for anyone, please let us know and we'll re-investigate.

Status: NEW → RESOLVED
Closed: 1 year ago
Flags: needinfo?(aflorinescu)
Resolution: --- → WORKSFORME
Whiteboard: [webcompat:sightline]
You need to log in before you can comment on or make changes to this bug.