Closed
Bug 335256
Opened 19 years ago
Closed 8 years ago
Denial of Service through the setTimeout() JavaScript function (recursive setTimeout/setInterval)
Categories
(Core :: DOM: Core & HTML, defect)
RESOLVED
DUPLICATE
of bug 1300659
People
(Reporter: roland.illig, Assigned: brendan)
Details
(Keywords: hang, testcase, Whiteboard: [sg:dos])
Attachments
(1 file: 248 bytes, text/html)
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512
<html>
  <head>
    <script>
      function bomb() {
        setTimeout("bomb()", 1000);
        setTimeout("bomb()", 1000);
      }
    </script>
  </head>
  <body onload="bomb()">
    Please wait some seconds ... then, try to continue to use Mozilla.
  </body>
</html>
Reproducible: Always
Steps to Reproduce:
1. save the text above to a file
2. load the file in Mozilla, Firefox, Konqueror or Internet Explorer. (Opera does not work.)
3. wait 10 seconds
Actual Results:
Now it should be impossible to further click anywhere in the application window
Expected Results:
alertYesNo("This JavaScript takes forever to compute. Continue?");
Updated•19 years ago
Assignee: dveditz → general
Group: security
Component: Security → JavaScript Engine
Product: Mozilla Application Suite → Core
QA Contact: seamonkey → general
Whiteboard: [sg:dos]
Version: unspecified → Trunk
Comment 1•19 years ago
Comment 2•19 years ago
*** This bug has been marked as a duplicate of 261633 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Comment 3•17 years ago
Bug 261633 got morphed a little bit, re-opening to cover the more general issue.
Status: RESOLVED → UNCONFIRMED
Component: JavaScript Engine → DOM
Resolution: DUPLICATE → ---
Summary: Denial of Service through the setTimeout() JavaScript function → Denial of Service through the setTimeout() JavaScript function (recursive setTimeout/setInterval)
Updated•17 years ago
Assignee: general → nobody
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: general → general
Comment 12•16 years ago
This bug blocks bug 30942 – Browser should remain responsive during most
infinite loops
Comment 16•14 years ago (Assignee)
I'm going to investigate what WebKit does (suppresses, IIRC) and imitate. This is one DoS/accident that we can control without breaking the web.
/be
Assignee: nobody → brendan
Comment 17•14 years ago (Assignee)
Wait, we do this already, right? Cc'ing bz.
/be
Comment 18•14 years ago
> Wait, we do this already, right?
Do what where?
Comment 20•10 years ago (Reporter)
What about just limiting the number of setInterval/setTimeout events that Firefox can manage? No sensible web page should ever want 1000 individual timers, I guess.
And if you find this guess too vague, maybe do an experiment through a User Experience program and record the highest number of timers that a website has ever needed. Then, after 3 months, look at the numbers, take the most sensible of them, multiply it by 10 and make this a fixed limit.
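The cap proposed in comment 20, sketched as an added example (not part of the bug report, of any comment, or of Firefox's code): a virtual-clock timer queue replays the testcase's doubling pattern with and without a limit on pending timers. `TimerQueue`, `maxPending` and `simulate` are hypothetical names, and the limit of 1000 used in the note below is the comment's own guess.

```javascript
// Added illustration; TimerQueue, maxPending and simulate are hypothetical names.
// A virtual clock stands in for the browser event loop, so nothing really waits.
class TimerQueue {
  constructor(maxPending = Infinity) {
    this.maxPending = maxPending; // cap on timers waiting to fire
    this.now = 0;                 // virtual time in ms
    this.pending = [];            // entries: { due, fn }
    this.rejected = 0;            // setTimeout calls refused by the cap
  }

  setTimeout(fn, delay) {
    if (this.pending.length >= this.maxPending) {
      this.rejected++;
      return false;
    }
    this.pending.push({ due: this.now + delay, fn });
    return true;
  }

  // Advance the clock and run every timer that is due; returns how many ran.
  advance(ms) {
    this.now += ms;
    const due = this.pending.filter((t) => t.due <= this.now);
    this.pending = this.pending.filter((t) => t.due > this.now);
    for (const t of due) t.fn();
    return due.length;
  }
}

// Replays the testcase's pattern: every callback schedules two more, 1000 ms out.
function simulate(seconds, maxPending) {
  const q = new TimerQueue(maxPending);
  const bomb = () => {
    q.setTimeout(bomb, 1000);
    q.setTimeout(bomb, 1000);
  };
  bomb(); // stands in for <body onload="bomb()">
  const firedPerSecond = [];
  for (let s = 0; s < seconds; s++) firedPerSecond.push(q.advance(1000));
  return { firedPerSecond, pending: q.pending.length, rejected: q.rejected };
}
```

Over ten simulated seconds, `simulate(10)` runs 1024 callbacks in the last second and leaves 2048 queued, while `simulate(10, 1000)` never holds more than 1000 pending timers and refuses the excess calls.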
Comment 21•8 years ago
I believe this was fixed by bug 1300659 in FF52.
Status: NEW → RESOLVED
Closed: 19 years ago → 8 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
Component: DOM → DOM: Core & HTML