Closed
Bug 275937
Opened 21 years ago
Closed 21 years ago
<img src="mailto:x"> opens default mail-client without user interaction
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 181860
People
(Reporter: bjorn, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Multiple <img src="mailto:#"> (where # is a random string) in an HTML page can
easily crash the whole system by opening 100's of "Compose E-mail"-windows.
Proof of concept at http://psionicist.online.fr/intebra.html (will open three
windows).
Reproducible: Always
Steps to Reproduce:
1. Create an HTML page that looks like this:
<html>
<img src="mailto:1">
<img src="mailto:2">
<img src="mailto:3">
<img src="mailto:...">
<img src="mailto:n">
</html>
2. Save document.
3. Open it in browser.
(4.) Optionally, craft a JavaScript that will output 1000's of <img
src="mailto:x">-strings.
Actual Results:
Several windows were created without user interaction.
Expected Results:
Nothing. <img src="x"> should not be allowed to open mailto: or protocols other
than http: and ftp:
Also affects Internet Explorer, Outlook Express, and Mozilla Thunderbird.
This is a really old trick exploited in the JS.WindowBomb virus and I have only
seen it "in the wild" once, but it is highly annoying and can potentially wreak
havoc in HTML e-mails as well.
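
Added example (not part of the original report or of Mozilla's code): a check a mail gateway or HTML sanitizer could run to flag elements that load a URL without a click when the scheme is outside an allowlist, as the "Expected Results" above ask for. It generalizes from <img src> to other auto-loading attributes; the attribute list, the inclusion of https, and the sample input are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https", "ftp"}  # https is an added assumption
# Elements/attributes fetched without a click (assumed list, not exhaustive).
AUTO_LOAD_ATTRS = {
    "img": ("src",), "iframe": ("src",), "embed": ("src",),
    "script": ("src",), "input": ("src",), "object": ("data",),
    "body": ("background",),
}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)

def url_scheme(url):
    """Return the lower-cased scheme, or None for a relative URL."""
    # Browsers drop tab/CR/LF and leading control characters or spaces
    # before parsing a URL, so normalise the same way before matching.
    cleaned = re.sub(r"[\t\r\n]", "", url).lstrip("".join(map(chr, range(0x21))))
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None

class AutoLoadSchemeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in AUTO_LOAD_ATTRS.get(tag, ()) and value:
                scheme = url_scheme(value)
                if scheme is not None and scheme not in ALLOWED_SCHEMES:
                    line, _ = self.getpos()  # line where the tag starts
                    self.findings.append((line, tag, name, scheme))

def audit(html_text):
    """Return (line, tag, attribute, scheme) for each disallowed auto-load."""
    auditor = AutoLoadSchemeAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings

# Constructed sample, modelled on the page in "Steps to Reproduce".
SAMPLE = """<html>
<img src="mailto:1">
<img src=" MAIL\tTO:2">
<img src="http://example.org/logo.png">
<img src="images/local.png">
<a href="mailto:someone@example.org">write to us</a>
</html>"""
```

The <a href="mailto:..."> link in the sample is not reported because it needs a click; only the two <img> elements with a mailto: source are.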
Comment 1•21 years ago
*** This bug has been marked as a duplicate of 181860 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE