Dependency of JavaScript objects is Misconfigured Browser Crashes.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mozilla Firefox |
Confirmed
|
Unknown
|
|||
firefox (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Hey Team ,
The bug i want to mention here is a denial of service attack that will not allow any kind of redirection on a page crafted by attacker where we have used hyper-links(ahref).
The bug can be maliciously used by crafting an HTML file by an attacker and then sending it to the victim clearly showing there is a hyper-link that redirects to lets say (google.com) through status bar but it will not , instead cause denial of service , browser's also hang up and Crashes.
I have tested it on the Very Latest Version of Ubuntu LTS Default Browser.
Reason:
The following script stops the page from being redirected:
window.
//Unredirectable Page
setTimeout(
}
Demo URL : http://
Actual results:
It should redirect me to the new page , where as it don't redirect to a new page and the browsers Hangs up.
Expected results:
So dependency of JavaScript objects(
Attached POC for References
Changed in firefox (Ubuntu): | |
status: | New → Confirmed |
Changed in firefox: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in firefox: | |
importance: | Medium → Unknown |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0
Build ID: 20160405015839
Steps to reproduce:
When cautiously investigating a suspicious looking email, I tried to report a page using ‘Report deceptive site...’, but doing so just redirected me to another spam webpage instead of the report page.
An email tricked me into opening it by claiming to be from well-known shop Marks & Spencer, but on reading it clearly wasn't. It linked to this page, which I cautiously opened in a private window to find out what it was doing and whether the site should be reported: n.mobzones. com/uk/ m-s?offer= 271
I clicked on the answer ‘Marks & Spencer’, which went to a page with a really long URL (but still http:, not data: or anything funky).
Then I pressed Alt+H and chose ‘Report deceptive site...’.
Actual results:
The question popped up asking if I was sure I wanted to leave the page.
I chose ‘Leave Page’, and was redirected (via a bunch of ad networks) to a dating website.
I went back, repeated, chose ‘Stay on Page’, and was still redirected to the same dating site.
Expected results:
I should've reached the site for reporting the page I was on.
Ideally ‘Report deceptive site...’ wouldn't ever trigger the confirmation for leaving the page, but if it does then ‘Leave Page’ should go to the reporting site and ‘Stay on Page’ should stay there; neither of them should redirect to a completely different page.
(Please note I'm not saying this specific site definitely merits being reported. Merely the form for doing so should have been displayed.)