Massive system overload (DOS) / browser crash maybe even profile destruction.

RESOLVED DUPLICATE of bug 566893

Status

()

--
critical
RESOLVED DUPLICATE of bug 566893
6 years ago
3 years ago

People

(Reporter: AndrzejL.PCLinuxOS, Unassigned)

Tracking

({hang})

15 Branch
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dos])

(Reporter)

Description

6 years ago
User Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/15.0 Firefox/15.0a1
Build ID: 20120505030510

Steps to reproduce:

Hi guys I have just found out that IF site contains:

[html][body onload="setInterval(function(){location.href='mailto:a@b.c'},10);" /][/html]

(change [][ ][] to <>< ><> You know where)

it is gonna open a LOADS of "New message" (or "What do You want me to do with MAILTO") windows in a very short time and cause system overload and maybe even profile damage. I don't want to be a nervous Nelly but it opened about 100 windows in several seconds here...


Actual results:

I created a html file on my site and pasted the above code

http://andrzejl.no-ip.org:10101 /killfirefox.html 

(I broke address on purpose to avoid accidental click just remove space) and clicked on the link. Multiple "New message" were opened in short time and almost caused me to reboot the machine. Thank cat I had enough time to xkill it. Profile seems intact but maybe I was just lucky?


Expected results:

I don't know guys. You will know better what should have happened :).

I hope that I am not making a fool of myself. I bet You already know this but I prefer to be better safe then sorry :).

Thanks a lot for a great work folks.

Regards.

Andrzej
(Reporter)

Updated

6 years ago
Severity: normal → critical
This is a known DOS issue. It does not need to be hidden.
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

6 years ago
(In reply to Al Billings [:abillings] from comment #1)
> This is a known DOS issue. It does not need to be hidden.

Al, are you saying this is a duplicate?
It is but I don't know the number. We get this all the time.

Updated

6 years ago
Keywords: hang
Summary: Firefox. All versions. Sensitive vulnerability to a specific code that can cause massive system overload / browser crash maybe even profile destruction. → Massive system overload (DOS) / browser crash maybe even profile destruction.
Whiteboard: [dupeme][sg:dos]

Comment 4

3 years ago
Duplicate of bug 749633, which is marked duplicate of bug 566893.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
QA Whiteboard: [bugday-20150330]
Resolution: --- → DUPLICATE
Whiteboard: [dupeme][sg:dos] → [sg:dos]
Duplicate of bug: 566893
You need to log in before you can comment on or make changes to this bug.