Closed Bug 337630 Opened 17 years ago Closed 17 years ago

Window-spawning DOS prevention

Categories

(Firefox :: Security, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 167475

People

(Reporter: bugzilla2009, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3

I browsed by halflife2 . zoy . org today (DO NOT TRY LINK).
It's a shock/DOS site that uses javascript and flash to spawn windows showing disturbing pictures and then launches email windows until the computer crashes.

I believe there are is no actual vulnerability in firefox itself , but rather in flash.

Still I had an idea :
If Firefox (or indeed all the mozilla products) had a limit to how many windows it could open in a given timeframe , no matter what spawned the window, it could seriously diminish the effect of such an attack.

I imaging that this would require a minimum time between calls for new windows to spawn .. if something tries to open windows faster than what is humanly possible (it takes time to find a link and click on it) then either the new windows are not opened or they are delayed.

The delaytime would increase as long as firefox deems that the attack is still in progress - This would give a user time to close windows before they have a chance to open new windows.

There should also be a minimum number of windows that would be allowed to open without delay at first so benign scripts that open a few windows would not be affected.

Reproducible: Always

*** This bug has been marked as a duplicate of 334426 ***
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.