Open Bug 684476 Opened 13 years ago Updated 1 year ago

Unresponsive JavaScript Code: Recursive load of single page with pop up blocker disabled makes Firefox hang, overload memory and become unresponsive with max. possible CPU usage

Categories

(Firefox :: Security, defect)

6 Branch
x86_64
Windows 7
defect

People

(Reporter: chamathmc, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, hang, testcase, Whiteboard: [sg:dos])

The following describes steps in simple procedures on how to reproduce this bug:
(WARNING: Use precautions since this bug might slow down or even crash your computer)

1. Disable popup blocker in Firefox. (In the "Content" tab of Firefox Options, uncheck "Block popup windows".)

2. Create a file called "crash.htm" in "C:" drive with the following simple code which contains the JavaScript that makes Firefox crash. (Open Notepad with Administrative Privileges (Right click Notepad and click "Run as Administrator"), copy and paste the following code, click File-->Save. Type "crash.htm" as the file name and select "All files" from "Save as type" list. Finally select "C:" drive to save it and click Save)

    <html>
    <body>
    <script type="text/javascript">
    for(;;)
    {
      window.open('file:///C:/crash.htm','_newtab');
    }
    </script>
    </body>
    </html>

3. Close Firefox (optional, but I recommend to do this for the first time).

4. Open "crash.htm" which has been saved in "C:" drive. (If you had saved this as a different name, make sure the file name in the JavaScript code had also been changed)

Firefox undergoes a severe and fatal infinite loop and becomes unresponsive and the "Stop Script" warning does not seem to work at all, i.e. even the warning for unresponsive script might become unresponsive and would not respond. Firefox keeps increasing its memory (with possible memory recoveries but still it is fatal) with maximum possible CPU usage.

This is a possible vulnerable JavaScript attack in Firefox where the user is left with no option. The warning which is supposed to appear for unresponsive script should respond to the user by stopping the infinite loop. The memory increase should also be fixed.

Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, testcase
Whiteboard: [sg:dos]
Keywords: hang

8 years and no response?

This is similar to what I just caused with Firefox, but using server-side code.

I made a mistake with PHP which resulted in a never-ending loop. When I hit the page, Firefox AND Windows 10 became unresponsive.

Firefox Quantum 67.0.4.
Windows 10 Enterprise 1809

I can recreate the "bug" at will. Firefox appears to enter some kind of fatal infinite loop. Tabs become inoperable.
The "bug" was produced by a forced redirect to this website.
http://165.22.150.35/?number=+1-(888)-963-8952
Which then force redirected my browser to this site.
http://165.22.150.35/2xxdfhdsjfjdsafhsdjafbhdsafsdjfhsa/?phone=+1-(888)-963-8952&
The page is a phishing scam for Windows users. It attempts to upload encryption malware.

When you visit you will see that you cannot close the pop up. You cannot close the tab. You cannot switch between tabs. You cannot close Firefox by clicking the top right (X). My CPU usage appears to only max out intermittently. Windows 7 lags but does respond.

Firefox shut down on its own 1 in 4 tries. Shutting down the process tree was required the other times.

Component: General → Site Permissions

With the popup blocker enabled this seems unproblematic. The page becomes unresponsive but the tab can simply be closed.
I don't think this belongs to SitePermissions, since the popup-block bar isn't really the problem here and the blocking mechanism was explicitly disabled. If we were to add a protection for this (rate limit like Bug 1314912?) we would need to do it on the platform side.

Component: Site Permissions → Security
Severity: critical → --
Blocks: eviltraps
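
The rate-limit idea raised in the comment above, sketched as an added example (not Firefox code and not written by anyone on this bug): a token bucket wrapped around a window-opening function, run against a bounded, constructed version of the testcase loop. `makeRateLimitedOpen`, `simulateTightLoop`, `burst` and `refillPerSec` are hypothetical names chosen for illustration.

```javascript
// Added illustration: token-bucket limiter around a window-opening function.
// All names and parameter values are hypothetical, not a browser API.
function makeRateLimitedOpen(openFn, { burst = 3, refillPerSec = 1, now = Date.now } = {}) {
  let tokens = burst;   // windows that may still be opened right now
  let last = now();     // time of the previous call, in ms
  let blocked = 0;      // calls refused so far

  function limitedOpen(...args) {
    const t = now();
    // Refill in proportion to elapsed time, capped at the burst size.
    tokens = Math.min(burst, tokens + ((t - last) / 1000) * refillPerSec);
    last = t;
    if (tokens < 1) {
      blocked += 1;
      return null;      // same "no window" result a blocked window.open() gives
    }
    tokens -= 1;
    return openFn(...args);
  }
  limitedOpen.blockedCount = () => blocked;
  return limitedOpen;
}

// Constructed simulation of the testcase's loop, bounded so it terminates.
function simulateTightLoop(iterations) {
  let clock = 0;        // fake clock in ms: a synchronous loop sees no time pass
  let opened = 0;
  const open = makeRateLimitedOpen(
    () => { opened += 1; return {}; },   // stand-in for the real window.open
    { burst: 3, refillPerSec: 1, now: () => clock }
  );
  for (let i = 0; i < iterations; i++) open('file:///C:/crash.htm', '_newtab');
  const duringLoop = opened;

  clock += 2000;        // two seconds later, two tokens have refilled
  for (let i = 0; i < 5; i++) open('file:///C:/crash.htm', '_newtab');
  return { duringLoop, afterPause: opened - duringLoop, blocked: open.blockedCount() };
}
```

The limiter bounds how many windows are created, not the CPU spent in the loop itself; the unresponsive-script warning the reporter describes is a separate control.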

The severity field is not set for this bug.
:serg, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(sgalich)
Severity: -- → S3
Flags: needinfo?(sgalich)