Closed
Bug 1313918
Opened 8 years ago
Closed 8 years ago
Dependency of JavaScript objects is mis-configured.
Categories
(Firefox :: Untriaged, defect)
RESOLVED
DUPLICATE
of bug 1263100
People
(Reporter: mishra.dhiraj95, Unassigned)
Details
Attachments
(1 file)
(deleted),
application/zip
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Build ID: 20161025170400
Firefox for Android
Steps to reproduce:
Hey Team,
The bug I want to mention here is a denial of service attack that will not allow any kind of redirection on a page crafted by an attacker where we have used hyper-links (a href).
The bug can be maliciously used by an attacker crafting an HTML file and then sending it to the victim, clearly showing through the status bar that there is a hyper-link that redirects to, let's say, google.com, but it will not; instead it causes denial of service, and the browser might also hang.
Reason:
The following script stops the page from being redirected:
    window.onbeforeunload = function(){
        //Unredirectable Page
        setTimeout("window.location=document.location;",0);
    }
Demo URL: hackies.in/Unredirect-Browsers-Test.html --> I have hosted the script.
Actual results:
Expected results:
It should redirect me to the new page.
Expected results:
I have tested it in Firefox iOS Browser where redirection is occurring.
So the dependency of JavaScript objects (window.document) on the href attribute should not be there.
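A review-time check for the pattern described in the report above, as an added example that is not part of the original report or of Firefox's code: it flags `beforeunload`/`unload` handlers whose body starts a navigation of its own. The function names, the regular expressions and the two sample snippets are assumptions constructed for illustration, and the check is a heuristic that only covers handlers written with a braced body.

```javascript
// Added example: heuristic static check, not Firefox's fix for this bug.
// Matches the places where a beforeunload/unload handler is registered.
const HANDLER_RE = /\bon(?:before)?unload\s*=|addEventListener\s*\(\s*['"](?:before)?unload['"]/g;
// Matches writes to location or calls that start a navigation.
const NAVIGATE_RE = /\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign|reload)\s*\(/;

// Return the text of the first {...} block at or after `start` (brace matching).
function blockAfter(src, start) {
  const open = src.indexOf("{", start);
  if (open === -1) return "";
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === "{") depth++;
    else if (src[i] === "}" && --depth === 0) return src.slice(open, i + 1);
  }
  return src.slice(open); // unbalanced input: inspect what is there
}

// Report each unload-type handler whose body starts a new navigation.
function findUnloadNavigationTraps(source) {
  const findings = [];
  for (const m of source.matchAll(HANDLER_RE)) {
    const body = blockAfter(source, m.index + m[0].length);
    if (NAVIGATE_RE.test(body)) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ line, handler: m[0].trim(), body });
    }
  }
  return findings;
}

// Constructed samples: the report's pattern, and a benign unsaved-changes prompt.
const REPORTED = `window.onbeforeunload = function(){
  //Unredirectable Page
  setTimeout("window.location=document.location;",0);
}`;
const BENIGN = `window.addEventListener("beforeunload", function (e) {
  if (dirty) { e.preventDefault(); e.returnValue = ""; }
});`;

console.log(findUnloadNavigationTraps(REPORTED).map((f) => f.handler));
console.log(findUnloadNavigationTraps(BENIGN).length);
```

The navigation inside the string passed to `setTimeout` is still caught because the check runs over the raw handler text rather than parsed code.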
Updated • 8 years ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE