Closed
Bug 256828
Opened 20 years ago
Closed 8 years ago
DOS from lots of iframes w/ unloadable content (modal dlgs)
Categories
(Core :: Networking, defect)
Core
Networking
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: admin, Unassigned)
References
()
Details
(Whiteboard: [sg:dos])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040809 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040809 <!-- <script language="JavaScript"> while(true) { document.write("<iframe src=\"C:\Windows\system32\"></iframe>"); } </script> --> Reproducible: Always Steps to Reproduce: 1. Visit http://tuxq.com/exploit.html 2. Reproduced. Actual Results: Pop up an infinite ammount of error messages. Expected Results: Uhm... Not pop up an infinite of error messages... This affects Mozilla, Opera, and Internet Explorer ...All with different problems. I only submitted to Mozilla because it's the only one I use.
Comment 1•20 years ago
|
||
An infinite amount? That's unlikely. Setting iframe src= has nothing to do with JavaScript, so please file bugs in better components. What makes you say this is an "Exploit"? /be
Component: JavaScript Engine → Browser-General
QA Contact: pschwartau → dveditz
Comment 2•20 years ago
|
||
No need for the security sensitive flag since this report is based on a public posting already. The actual DOS is hosted at http://www.su1d.net/iframe2.html, the above link is to a discussion about it. I get a prompt that a script is causing Mozilla to run slowly and offering to let me abort it. After aborting the script I do get a lot of prompts, but much fewer than 100. I'm sure it'd be more if I let the script run, but this is a standard issue JS-loop DOS of which we've seen tons of variants. Apart from JS, you could accomplish the same thing with a long page of pregenerated broken <iframe>s. Dropping the modal dialogs for unloadable content would be a big help. There are other bugs on that topic (bug 28586 links to many).
Group: security
Status: UNCONFIRMED → NEW
Component: Browser-General → Networking
Ever confirmed: true
Summary: Exploit for Mozilla (ALL VERSIONS) → DOS from lots of iframes w/ unloadable content (modal dlgs)
Whiteboard: [sg:dos]
Updated•18 years ago
|
Assignee: darin → nobody
QA Contact: benc → networking
Comment 3•12 years ago
|
||
The URL is dead and the posted script from comment doesn't do anything in trunk versions. Is this still valid ?
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•