Closed Bug 907634 Opened 8 years ago Closed 3 years ago

Stop script refuse to appear

Categories

(Firefox :: Security, defect)

23 Branch
x86_64
Windows 7
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: ionut.cernica, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-dos, sec-other)

Attachments

(1 file)

Attached file FirefoxCrash.html
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release)
Build ID: 20130814063812

Steps to reproduce:

I've made a function in javascript for a tool that I will use it in my test
And I did an mistake in that function that made my code to loop at infinite.





Actual results:

Because I use event attribute onkeyup the message "Stop this Script" refuse to appear. When I used same script but I changed the attribute to onmouseover, the message "Stop this script" appeared.




Expected results:

I don't think to explain the expected result.
So, the function I written was:
##########################################
function checkOctal(ip) {
var d = ip.split('.');
var ip1 = parseInt(d[0]).toString(8);
var ip2 = parseInt(d[1]).toString(8);
var ip3 = parseInt(d[2]).toString(8);
var ip4 = parseInt(d[3]).toString(8);
while(ip1.length != 3){
ip1 = "0"+ ip1;
}

while(ip2.length != 3){
ip2 = "0"+ ip1;
}

while(ip3.length != 3){
ip3 = "0"+ ip1;
}

while(ip4.length != 3){
ip4 = "0"+ ip1;
}

return ("http://"+ip1+ip2+ip3+ip4+"/");

}
##########################################

you have the html file at attachments for a P.o.C.
Severity: normal → major
Priority: -- → P3
Component: Untriaged → Security
flagging bug as a security bug
Group: core-security
Severity: major → normal
Component: Security → Untriaged
Priority: P3 → --
Component: Untriaged → Security
Group: core-security
Keywords: csec-dos
Flags: sec-bounty-
I don't understand, this is a security problem or not?
Attachment #793411 - Attachment mime type: text/plain → text/html
Cernica,

This is considered a very minor security issue as a denial of service attack.
Status: UNCONFIRMED → NEW
Ever confirmed: true
This issue appears to be fixed in Firefox 59.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.