User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0 Build ID: 20161025170400 Steps to reproduce: Hey Team , The bug i want to mention here is a denial of service attack that will not allow any kind of redirection on a page crafted by attacker where we have used hyper-links(ahref). The bug can be maliciously used by crafting an HTML file by an attacker and then sending it to the victim clearly showing there is a hyper-link that redirects to lets say (google.com) through status bar but it will not , instead cause denial of service , browser might also hang up. I have tested it on the Very Lasted Version of the Mozilla from Android attached screen shot for References Reason: The following script stops the page from being redirected: window.onbeforeunload = function(){ //Unredirectable Page setTimeout("window.location=document.location;",0); } Demo URL : http://hackies.in/Unredirect-Browsers-Test.html --> I have hosted the Script. Actual results: It should redirect me to the new page , where as it don't redirect to a new page and the browsers Hangs up. Expected results: I have tested it in Firefox iOS Browser where redirection is occurring. So dependency of JavaScript objects(window.document) on Href attribute should not be there. Attached POC for References

This is gecko code, so no point having two bugs.