Closed Bug 555396 Opened 11 years ago Closed 11 years ago

Javascript exploit can cause FF to become completely unusable

Categories

(Firefox :: Security, defect)

defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 432687

People

(Reporter: nmguse, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1042 Safari/532.5
Build Identifier: 

Using an infinite loop to cause alerts will cause FF to become unusable.

If you have it set to show my home page or blank page you're lucky, as you can kill the FF process and restart, but if not you will not be able to load FF again with the same profile unless you know what you are doing (can figure out what file to delete)

Exploit is as simple as: javascript:for(;;)alert('owned')

Reproducible: Always

Steps to Reproduce:
1. Set "When Firefox Starts" to "Show my windows and tabs from last time"
2. View a webpage that causes infinite JS alerts
3. Owned
Possibly related to Bug #432687 &  Bug #61098.

Workaround: Bug #432687 comment 21 & comment 22.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: eviltraps
You need to log in before you can comment on or make changes to this bug.