Closed
Bug 337630
Opened 19 years ago
Closed 19 years ago
Window-spawning DOS prevention
Categories
(Firefox :: Security, enhancement)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 167475
People
(Reporter: bugzilla2009, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
I browsed by halflife2 . zoy . org today (DO NOT TRY LINK).
It's a shock/DOS site that uses javascript and flash to spawn windows showing disturbing pictures and then launches email windows until the computer crashes.
I believe there are is no actual vulnerability in firefox itself , but rather in flash.
Still I had an idea :
If Firefox (or indeed all the mozilla products) had a limit to how many windows it could open in a given timeframe , no matter what spawned the window, it could seriously diminish the effect of such an attack.
I imaging that this would require a minimum time between calls for new windows to spawn .. if something tries to open windows faster than what is humanly possible (it takes time to find a link and click on it) then either the new windows are not opened or they are delayed.
The delaytime would increase as long as firefox deems that the attack is still in progress - This would give a user time to close windows before they have a chance to open new windows.
There should also be a minimum number of windows that would be allowed to open without delay at first so benign scripts that open a few windows would not be affected.
Reproducible: Always
Comment 1•19 years ago
|
||
see bug 213280, bug 31041
Comment 2•19 years ago
|
||
*** This bug has been marked as a duplicate of 334426 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
QA Contact: Virtual
You need to log in
before you can comment on or make changes to this bug.
Description
•