Denial of Service through the setTimeout() JavaScript function (recursive setTimeout/setInterval)

RESOLVED DUPLICATE of bug 1300659

Status

()

--
critical
RESOLVED DUPLICATE of bug 1300659
13 years ago
13 days ago

People

(Reporter: roland.illig, Assigned: brendan)

Tracking

({hang, testcase})

Trunk
hang, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dos])

Attachments

(1 attachment)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512

<html>
<head>
<script>
function bomb() {
        setTimeout("bomb()", 1000);
        setTimeout("bomb()", 1000);
}
</script>
</head>

<body onload="bomb()">
Please wait some seconds ... then, try to continue to use Mozilla.
</body>
</html>


Reproducible: Always

Steps to Reproduce:
1. save the text above to a file
2. load the file in Mozilla, Firefox, Konqueror or Internet Explorer. (Opera does not work.)
3. wait 10 seconds

Actual Results:  
Now it should be impossible to further click anywhere in the application window

Expected Results:  
alertYesNo("This JavaScript takes forever to compute. Continue?");
Assignee: dveditz → general
Group: security
Component: Security → JavaScript Engine
Product: Mozilla Application Suite → Core
QA Contact: seamonkey → general
Whiteboard: [sg:dos]
Version: unspecified → Trunk
Keywords: testcase
Keywords: hang

*** This bug has been marked as a duplicate of 261633 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
Bug 261633 got morphed a little bit, re-opening to cover the more general issue.
Status: RESOLVED → UNCONFIRMED
Component: JavaScript Engine → DOM
Resolution: DUPLICATE → ---
Summary: Denial of Service through the setTimeout() JavaScript function → Denial of Service through the setTimeout() JavaScript function (recursive setTimeout/setInterval)
Assignee: general → nobody
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: general → general
Duplicate of this bug: 303902
Duplicate of this bug: 329404
Duplicate of this bug: 321025
Duplicate of this bug: 300394
Duplicate of this bug: 297522
Duplicate of this bug: 419252

Updated

11 years ago
Duplicate of this bug: 408344

Updated

11 years ago
Duplicate of this bug: 159909

Comment 12

11 years ago
This bug blocks bug 30942 – Browser should remain responsive during most
infinite loops

Updated

9 years ago
Duplicate of this bug: 536754
Duplicate of this bug: 571605
Duplicate of this bug: 555948
(Assignee)

Comment 16

9 years ago
I'm going to investigate what WebKit does (suppresses, IIRC) and imitate. This is one DoS/accident that we can control without breaking the web.

/be
Assignee: nobody → brendan
(Assignee)

Comment 17

8 years ago
Wait, we do this already, right? Cc'ing bz.

/be
> Wait, we do this already, right?

Do what where?
Duplicate of this bug: 679652
(Reporter)

Comment 20

4 years ago
What about just limiting the number of setInterval/setTimeout events that Firefox can manage? No sensible web page should ever want 1000 individual timers, I guess.

And if you find this guess too vague, maybe do an experiment through a User Experience program and record the highest number of timers that a website has ever needed. Then, after 3 months, look at the numbers, take the most sensible of them, multiply it by 10 and make this a fixed limit.
I believe this was fixed by bug 1300659 in FF52.
Status: NEW → RESOLVED
Last Resolved: 13 years ago2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1300659
Component: DOM → DOM: Core & HTML
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.