Closed Bug 481625 Opened 12 years ago Closed 10 years ago

A malicious author can force (some) users to restart their browser with huge modal dialog

Categories

(Core :: Security, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: hwaara, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Not sure if it's overkill to flag this as security problem, but I'll do it for now and let you guys decide.

Summary: It's easy to bring up a HUGE modal dialog that are many screens high with javascript. 

Unless you know the right key (or if you don't have a keyboard: think accessibility) to use for that particular prompt/alert, they are not closable. On OS X, no close item is available, only stuff like "Quit" and "Preferences".

This means a malicious web author could force users to quit and restart the browser. If the user uses session restore, the same problem might reoccur upon restore, so in the end they will have to throw away all sessions as well, losing a lot of data!

STR:
 1. in javascript:   alert(hugeText);
Doesn't the Esc key always close these? And the Return key? And probably the space key?

You're right this could be an issue for keyboardless users, like Fennec running on a touchscreen-only device. The modality of the dialog might interfere with bringing up the on-screen keyboard (hopefully alerts are app-modal not system-modal).

Given the size of these dialogs I'm not sure the proposed solution of adding a "cancel all scripts" checkbox to modal dialogs is a complete solution, so for now I'll leave this as a separate "trap" rather than duping to that bug.
Blocks: eviltraps
Group: core-security
This has been fixed with the new alert() system in Firefox 4.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.