Closed
Bug 249360
Opened 21 years ago
Closed 21 years ago
No way to stop malicious javascript
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
People
(Reporter: relf, Unassigned)
Details
Attachments
(1 file)
|
302 bytes,
text/html
|
Details |
Linux build 2004062507
To reproduce:
1. Open the provided testcase
2. There is no way to stop malicious javascript
The only way to stop it, is to kill mozilla-bin application
Expected results:
There should be a way to interrupt javascript execution without killing Mozilla.
|
Reporter | |
Comment 1•21 years ago
|
||
|
|
Reporter | |
Updated•21 years ago
|
Summary: No protection from malicious javascript → No way to stop malicious javascript
Assignee: general → general
Component: JavaScript Engine → DOM: Level 0
QA Contact: pschwartau → ian
Whiteboard: DUPEME
steps:
1. open a second window
2. load your link in the first window
3. select the second window
4. tools>web development>javascript debugger
5. select the windows view
6. select the first window
7. select the evil page
8. double click
9. set a breakpoint on the first while(true) line
10. click ok in the stupid dialog
11. in venkman evaluate: alert=funciton die(){throw 'stop that'}
12. click the green continue button.
-done-
what these steps mean: the summary is wrong.
Hi,
Netscape Communicator 4.79 Internet Explorer 5.01 anmd 5.5 Other Mozilla
versions and Opera 7.51 paid version do the same.
I think that it is a thing of all browsers.
|
||
Comment 4•21 years ago
|
||
If you wait long enough, a dialog asking whether to stop the script or let it
continue should come up.
/be
|
|
Reporter | |
Comment 5•21 years ago
|
||
> steps:
> 1. open a second window
> 2. load your link in the first window
Nice ;)
But what if only one window was opened, and the script run there?
It will block openning a second window.
|
|
Reporter | |
Comment 6•21 years ago
|
||
Brendan, is there a way to force termination of the script not "waiting long
enough" ?
I'd prefer to have, say, a checkbox like
[ ] Terminate this javascript
right on the annoying dialog.
|
||
Comment 7•21 years ago
|
||
relf-
You probably want bug bug 61098.
This is a different DOS attack than the script blocker is designed for. There
is no runaway script, it is patiently waiting for the user's input. Past dupes
of this (such as bug 66097) went to bug 61098. bug 59314 and bug 60150 may be
other approaches to tackle the problem.
|
||
Comment 8•21 years ago
|
||
*** This bug has been marked as a duplicate of 61098 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
|
||
Updated•21 years ago
|
Status: RESOLVED → VERIFIED
Whiteboard: DUPEME
You need to log in
before you can comment on or make changes to this bug.
Description
•