Closed
Bug 317578
Opened 19 years ago
Closed 19 years ago
Javascript window() can be used for denial of service attack (DOS)
Categories
(Firefox :: General, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 317334
People
(Reporter: t.vinson, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051123 Firefox/1.6a1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051123 Firefox/1.6a1
This site demonstrates proof of concept for a bug in Internet Explorer. I tried it out in Firefox as well. The behavior below occurs in both release 1.0.7 and the build I'm using right now. I didn't notice any additional i/o or memory usage, just cpu.
A description of the bug under IE is at http://www.computerterrorism.com/research/ie/ct21-11-2005.
Reproducible: Always
Steps to Reproduce:
1.Go to http://www.computerterrorism.com/research/ie/poc.htm
2.Click on the link for XP
Actual Results:
Browser hangs (using about 50% of the cpu)
Expected Results:
Open a popup window with no content or with an error message
*** This bug has been marked as a duplicate of 317334 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•