Closed Bug 546005 Opened 14 years ago Closed 3 years ago

Bug in 3.6 version - "Browser doesn't respond any longer to any user input, all tabs are no longer accessible, your work if any might be lost."

Categories

(Firefox :: Security, defect)

Platform: x86_64, Windows 7
Type: defect
Priority: Not set
Severity: critical

Tracking

RESOLVED FIXED
Tracking Status
firefox-esr78 --- wontfix
firefox89 --- fixed

People

(Reporter: maciek.mbhunter, Unassigned)

Details

(Keywords: hang, Whiteboard: [sg:dos])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6

http://www.exploit-db.com/exploits/11432 - check this out, there's code to use this bug

Reproducible: Always
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: hang

Hey Daniel,
Does this issue still reproduce for you or can we mark it as closed?

Flags: needinfo?(dveditz)

Here's the exploitdb testcase as a data: url (can't click to open, but copy/paste works):

data:text/html;base64,PGh0bWw+Cjx0aXRsZT5hc2hlZXNoIGt1bWFyIG1hbmkgdHJpcGF0aGk8L3RpdGxlPgoKPHNjcmlwdD4KCgpmdW5jdGlvbiAKYXNoZWVzaCgpCnsKd2luZG93Lm9uZXJyb3I9bmV3IEZ1bmN0aW9uKCJoaXN0b3J5LmdvKDApIik7CndpbmRvdy5wcmludCgpOwphc2hlZXNoKCk7CgoKfQphc2hlZXNoKCk7Cjwvc2NyaXB0PgoKPC9odG1sPg==

What I see now is the in-content print dialog come up one at a time rather than spawning zillions. Cancel/ESC works to close it, it pops up a few times (usually 3 for me?) and then gives up, not sure why. Maybe it's hooked to our popup limits? In any case, you could simply close the tab at any time even if the loop didn't stop.

This is no longer abusable on Release. On ESR-78 it's still fairly abusive. Not quite as bad as it once was because there's a confirm prompt asking if I want to let that site continue to create dialogs slowing things down. Neither option actually works, but it forces the print dialogs to come up one at a time and sometimes you can slip in a click on the tab-close button in between.

Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(dveditz)
Resolution: --- → FIXED