Closed Bug 335256 Opened 19 years ago Closed 8 years ago

Denial of Service through the setTimeout() JavaScript function (recursive setTimeout/setInterval)

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 1300659

People

(Reporter: roland.illig, Assigned: brendan)

References

Details

(Keywords: hang, testcase, Whiteboard: [sg:dos])

Attachments

(1 file)

User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512 Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512 <html> <head> <script> function bomb() { setTimeout("bomb()", 1000); setTimeout("bomb()", 1000); } </script> </head> <body onload="bomb()"> Please wait some seconds ... then, try to continue to use Mozilla. </body> </html> Reproducible: Always Steps to Reproduce: 1. save the text above to a file 2. load the file in Mozilla, Firefox, Konqueror or Internet Explorer. (Opera does not work.) 3. wait 10 seconds Actual Results: Now it should be impossible to further click anywhere in the application window Expected Results: alertYesNo("This JavaScript takes forever to compute. Continue?");
Assignee: dveditz → general
Group: security
Component: Security → JavaScript Engine
Product: Mozilla Application Suite → Core
QA Contact: seamonkey → general
Whiteboard: [sg:dos]
Version: unspecified → Trunk
Keywords: testcase
Keywords: hang
*** This bug has been marked as a duplicate of 261633 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Bug 261633 got morphed a little bit, re-opening to cover the more general issue.
Status: RESOLVED → UNCONFIRMED
Component: JavaScript Engine → DOM
Resolution: DUPLICATE → ---
Summary: Denial of Service through the setTimeout() JavaScript function → Denial of Service through the setTimeout() JavaScript function (recursive setTimeout/setInterval)
Assignee: general → nobody
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: general → general
This bug blocks bug 30942 – Browser should remain responsive during most infinite loops
I'm going to investigate what WebKit does (suppresses, IIRC) and imitate. This is one DoS/accident that we can control without breaking the web. /be
Assignee: nobody → brendan
Wait, we do this already, right? Cc'ing bz. /be
> Wait, we do this already, right? Do what where?
What about just limiting the number of setInterval/setTimeout events that Firefox can manage? No sensible web page should ever want 1000 individual timers, I guess. And if you find this guess too vague, maybe do an experiment through a User Experience program and record the highest number of timers that a website has ever needed. Then, after 3 months, look at the numbers, take the most sensible of them, multiply it by 10 and make this a fixed limit.
I believe this was fixed by bug 1300659 in FF52.
Status: NEW → RESOLVED
Closed: 19 years ago8 years ago
Resolution: --- → DUPLICATE
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: