Open
Bug 1361653
Opened 8 years ago
Updated 2 years ago
Opening tel: links in an infinite loop slows down Firefox for Android
Categories
(Core :: DOM: Navigation, defect, P3)
Tracking
()
NEW
People
(Reporter: Laraweron, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-dos, Whiteboard: [sg:dos])
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Steps to reproduce:
1.Open the site https://laraweron.mysit.ru/dos23.html
2.If problems occur, restart your phone.
Actual results:
The browser opens the link of tel:999, trying to call the number. This function is placed in an infinite loop, because of this the browser constantly opens the link.
Expected results:
Attention before testing, close all important applications.
Tested in Firefox, 53.
The browser opens an infinite number of Windows, filling all the memory
Summary: Infinite cycle. (Dos) In OS Android → Infinite cycle. (Dos) OC Andriod and Windows
|
||
Comment 2•8 years ago
|
||
tel: on Android is maybe a new wrinkle, but this type of DOS is known and doesn't need to be hidden.
Blocks: eviltraps
Group: firefox-core-security
Component: General → Document Navigation
Keywords: csectype-dos
Product: Firefox for Android → Core
Whiteboard: [sg:dos]
|
||
Comment 3•8 years ago
|
||
On Android 7.2 with an Nexus 5x this gets the phone laggy but does not crash the OS or Firefox in 5 min. I was eventually able to swipe close Firefox / Dialer apps. Not auto launching tel: sms: mms: seems sensible.
|
||
Updated•8 years ago
|
OS: Unspecified → Android
Priority: -- → P3
Hardware: Unspecified → All
The bug is publicly available and can cause inconvenience to users, please correct this vulnerability.
|
||
Updated•7 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Infinite cycle. (Dos) OC Andriod and Windows → Opening tel: links in an infinite loop slows down Firefox for Android
|
||
Comment 5•6 years ago
|
||
How are these links opened? By click? By iframe? The demo page is not available anymore.
A couple of comments:
- if the tel: URLs are opened via iframes, these is not possible anymore because of 167475.
- if the page simulates a click on a anchor element, we could use the popup blocker algorithm.
I need more data to know how to proceed. Thanks.
Flags: needinfo?(Laraweron)
(In reply to Andrea Marchesini [:baku] from comment #5)
Как открываются эти ссылки? По клику? По iframe? Демо-страница больше не
доступна.Пара комментариев:
- если тел: URL открываются через iframes, это больше невозможно из-за
- если страница имитирует щелчок элемента привязки, мы могли бы использовать
алгоритм блокировки всплывающих окон.Мне нужно больше данных, чтобы знать, как действовать. Благодарю.
Hello,
As you and asked putting working version of code. The bug is still faulty
<html>
<body>
<script>
for(i=1;i<100000;i++){
var link = document.createElement('a');
link.href ='tel:999';
document.body.appendChild(link);
link.click();
}
</script>
</body>
</html>
Flags: needinfo?(Laraweron)
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•