Closed Bug 612597 Opened 14 years ago Closed 14 years ago

DDoS when opening a .html containing a script with document.write()

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 612029

People

(Reporter: nowikowski22, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows NT 5.1; rv:2.0b7) Gecko/20100101 Firefox/4.0b7
Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0b7) Gecko/20100101 Firefox/4.0b7

While opening a .html file with the following script Firefox DDoS:

<script>document.write("\u0000\u0001\u0002\u0003\u0004\u0005")</script>
<script>
var i=0;
for (i=0;i<=19999;i++){
    document.write("X");}
for (i=0;i<=3;i++){
    document.write(document.body.innerHTML);}
</script>

Reproducible: Always

Steps to Reproduce:
1. Just open  a html file containing the following lines:

<script>document.write("\u0000\u0001\u0002\u0003\u0004\u0005")</script>
<script>
var i=0;
for (i=0;i<=19999;i++){
    document.write("X");}
for (i=0;i<=3;i++){
    document.write(document.body.innerHTML);}
</script>
Actual Results:  
Firefox freeze
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
There is nothing "Distributed" about this "DDoS", it's a one-'D' client denial-of-service.
You need to log in before you can comment on or make changes to this bug.