Open Bug 832913 Opened 8 years ago Updated 7 months ago

DoS using unknown content-type objects

Categories

(Firefox :: File Handling, defect)

defect
Not set
major

Tracking

()

People

(Reporter: ojab, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: csectype-dos, sec-low)

Attachments

(3 files)

1. Open a page that has 1k objects with unknown content-type
2. Got 1k download windows.

This is clearly DoS, which is happens on several sites, for example, if Flash plugin isn't installed.
See also Bug 376599.
Depends on: 113941
Attached file Testcase
Testcase has many "<iframe src="https://bugzilla.mozilla.org/attachment.cgi?id=704494"></iframe>" lines, so you'll have many download windows.
Attachment #704495 - Attachment mime type: text/plain → text/html
Component: Plug-ins → File Handling
Keywords: csec-dos, sec-low
Status: UNCONFIRMED → NEW
Ever confirmed: true
Product: Core → Firefox
Version: Trunk → unspecified
Attached image download-subdialog.png

For cases where we have tab relationship we could show this dialog in the TabDialogBox.

You need to log in before you can comment on or make changes to this bug.