Closed
Bug 301424
Opened 19 years ago
Closed 11 years ago
Simple DOS attack possible via addPanel
Categories
(Firefox :: Bookmarks & History, defect)
Firefox
Bookmarks & History
Tracking
()
RESOLVED
FIXED
Firefox 23
People
(Reporter: Seno.Aiko, Unassigned)
References
Details
(Whiteboard: [sg:dos])
User-Agent: Mozilla/3.04 (WinNT; I)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+
The following JS line hangs Deer Park Alpha 2:
for (;;) window.sidebar.addPanel ("x", "http://www.example.net/", "");
I've marked this as a security problem because at least under Windows XP it
becomes very hard to close Deer Park if you don't do it soon enough: Task
Manager fails to open or the 'End Process' button doesn't do anything. I had to
log off to finally get rid of the browser which could cause loss of data in
other applications.
Reproducible: Always
|
||
Comment 1•19 years ago
|
||
This is like "while(true) window.open()" except the popup blocker prevents that kind of abuse. addPanel() should probably feed through the popup blocker too, to make sure it's in response to a reasonable user action.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:dos]
|
|
||
Comment 2•18 years ago
|
||
*** Bug 338498 has been marked as a duplicate of this bug. ***
|
|
||
Updated•18 years ago
|
Group: security
Whiteboard: [sg:dos] → [sg:low dos]
|
||
Comment 3•18 years ago
|
||
addPersistentPanel, addSearchEngine, and addMicrosummaryGenerator (possibly other similar methods being added, feed handling comes to mind) all could use some kind of protection against this type of abuse. There was some discussion about creating a generic system that could be shared with the popup blocker for this kind of thing when I brought up the "add a search engine" UI in #developers a while ago.
|
||
Comment 4•16 years ago
|
||
This was just published here: http://websecurity.com.ua/2454/
|
|
||
Updated•16 years ago
|
Whiteboard: [sg:low dos] → [sg:dos]
|
||
Comment 6•16 years ago
|
||
same as bug 256154?
(In reply to comment #6) > same as bug 256154? I don't think so, I had seen that bug before I filed this one. The other bug is about whether this addPanel should be treated just like window.open, this one is about limiting the number of simultaneous addPanel dialogs. Of course, iff addPanel was treated just like a popup this bug would become moot.
|
||
Comment 9•13 years ago
|
||
As shown in the duplicated bug 658863 this i still a problem in the latest Firefox versions.
OS: Windows XP → All
Hardware: x86 → All
Version: unspecified → Trunk
|
||
Comment 10•11 years ago
|
||
Bug 691647 removed addPanel.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
|
|
||
Updated•11 years ago
|
|
|
||
Updated•11 years ago
|
Target Milestone: Firefox 24 → Firefox 23
You need to log in
before you can comment on or make changes to this bug.
Description
•