Javascript window() can be used for denial of service attack (DOS)

VERIFIED DUPLICATE of bug 317334

Status

()

--
critical
VERIFIED DUPLICATE of bug 317334
13 years ago
13 years ago

People

(Reporter: t.vinson, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051123 Firefox/1.6a1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051123 Firefox/1.6a1

This site demonstrates proof of concept for a bug in Internet Explorer.  I tried it out in Firefox as well.  The behavior below occurs in both release 1.0.7 and the build I'm using right now.  I didn't notice any additional i/o or memory usage, just cpu.
A description of the bug under IE is at http://www.computerterrorism.com/research/ie/ct21-11-2005.


Reproducible: Always

Steps to Reproduce:
1.Go to http://www.computerterrorism.com/research/ie/poc.htm
2.Click on the link for XP


Actual Results:  
Browser hangs (using about 50% of the cpu)

Expected Results:  
Open a popup window with no content or with an error message

Comment 1

13 years ago

*** This bug has been marked as a duplicate of 317334 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.