Possible DoS attack vector using iframes with PDFs
Categories
(Firefox :: Untriaged, defect)
People
(Reporter: accounts, Unassigned)
Attachments
(3 files)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0
Steps to reproduce:
Create an HTML document containing lots of iframes with src= pointing to a PDF file:
<iframe title="This will open a popup" src="https://github.com/mozilla/pdf.js/raw/refs/heads/master/examples/learning/helloworld.pdf"></iframe>
<iframe title="This will open a popup" src="https://github.com/mozilla/pdf.js/raw/refs/heads/master/examples/learning/helloworld.pdf"></iframe>
<iframe title="This will open a popup" src="https://github.com/mozilla/pdf.js/raw/refs/heads/master/examples/learning/helloworld.pdf"></iframe>
...
Actual results:
Firefox will download, download and open, or show a popup for each of the PDF files referenced. Depending on hardware resources and the number of iframes referenced on the site (maybe hundreds for malicious pages), this may cause Firefox or the host system to slow down or crash.
Expected results:
I'd expect Firefox to block excessive amounts of such iframes on pages, or not try to download PDF files referenced by iframes, similar to blocking popups or excessive amounts of JavaScript alert(); calls.
For comparison, Chromium blocks this kind of attack, requiring user interaction for excessive amounts of downloads.
Behavior in Firefox 142.0.1 when PDF filetype settings are set to "always ask".
Behavior in Firefox 142.0.1 when PDF filetype settings are set to "open".
Comment 4 • 4 months ago
Definitely DoS potential. Most likely solution is bug 1711049.
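A defender-side check for the pattern in this report, as an added example that is not part of the bug report and not Firefox or Chromium code: it statically counts framed PDF resources in an HTML document, as a crawler or proxy-side scanner might, and flags pages above a threshold. The threshold `MAX_PDF_FRAMES`, the helper names and the sample page are assumptions; a PDF served from a URL that does not end in `.pdf` and declares no type is not visible to a static check like this.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed threshold for illustration; tune it against your own traffic.
MAX_PDF_FRAMES = 5

# Elements that make the browser fetch a document, and the attribute naming it.
FRAME_ATTRS = {"iframe": "src", "frame": "src", "embed": "src", "object": "data"}


class PdfFrameCounter(HTMLParser):
    """Counts framed resources whose URL path or declared type says PDF."""

    def __init__(self):
        super().__init__()
        self.pdf_urls = Counter()

    def handle_starttag(self, tag, attrs):
        attr_name = FRAME_ATTRS.get(tag)
        if attr_name is None:
            return
        attrs = dict(attrs)
        url = (attrs.get(attr_name) or "").strip()
        declared = (attrs.get("type") or "").lower()
        # Only the path is checked, so "x.pdf?v=1" and "x.pdf#page=2" still match.
        is_pdf = urlsplit(url).path.lower().endswith(".pdf")
        if url and (is_pdf or declared == "application/pdf"):
            self.pdf_urls[url] += 1


def scan(html, limit=MAX_PDF_FRAMES):
    """Return (total PDF frames, per-URL counts, True if over the limit)."""
    parser = PdfFrameCounter()
    parser.feed(html)
    parser.close()
    total = sum(parser.pdf_urls.values())
    return total, dict(parser.pdf_urls), total > limit


# Constructed sample: the report's iframe repeated, plus one non-PDF frame.
PDF = "https://github.com/mozilla/pdf.js/raw/refs/heads/master/examples/learning/helloworld.pdf"
SAMPLE = (
    '<iframe title="x" src="%s"></iframe>\n' % PDF * 40
    + '<iframe src="https://example.com/widget.html"></iframe>\n'
    + '<embed src="/docs/manual.PDF?v=2" type="application/pdf">\n'
)

if __name__ == "__main__":
    total, by_url, flagged = scan(SAMPLE)
    print(f"{total} PDF frames across {len(by_url)} URLs, flagged={flagged}")
```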