Closed Bug 317578 Opened 19 years ago Closed 19 years ago

Javascript window() can be used for denial of service attack (DOS)

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 317334

People

(Reporter: t.vinson, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051123 Firefox/1.6a1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051123 Firefox/1.6a1 This site demonstrates proof of concept for a bug in Internet Explorer. I tried it out in Firefox as well. The behavior below occurs in both release 1.0.7 and the build I'm using right now. I didn't notice any additional i/o or memory usage, just cpu. A description of the bug under IE is at http://www.computerterrorism.com/research/ie/ct21-11-2005. Reproducible: Always Steps to Reproduce: 1.Go to http://www.computerterrorism.com/research/ie/poc.htm 2.Click on the link for XP Actual Results: Browser hangs (using about 50% of the cpu) Expected Results: Open a popup window with no content or with an error message
*** This bug has been marked as a duplicate of 317334 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.