Closed Bug 1491964 Opened 6 years ago Closed 6 years ago

crashsafari.com crashes Firefox Nightly on Linux [DoS / rapid system memory exhaustion]

Categories

(Firefox :: Untriaged, defect)

64 Branch
defect
Not set
normal


RESOLVED DUPLICATE of bug 1314912

People

(Reporter: u580221, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0
Build ID: 20180917100342

Steps to reproduce:
1. Opened crashsafari.com

Actual results:
Memory usage of Firefox quickly climbs to >10GB with no stopping in sight.

Expected results:
Firefox stops memory allocation for the tab at a reasonable limit and requires at the very least a user confirmation before more resources can be used.
A few more notes in case this turns out to be a general no-memory-limit-for-tab issue: my expectation would be that Firefox reasonably limits any tab's memory usage (e.g. with a limit defaulting to 10% of total system memory or something like that). Using more with user confirmation is OK, but any web page shouldn't be able to risk a system crash by just using up arbitrary amounts of memory willy-nilly (be it via JS or via DOM).
This also still reproduces for me: bug 330029 (after >10 years), and no, it doesn't present a script hang dialog as a comment suggests, but happily eats up ALL SYSTEM MEMORY, heading for an inevitable crash that might also affect other programs, especially on Linux, where overallocation will not necessarily kill the offending program. Therefore, I really think this should be fixed.
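Added example (editor's addition, not code from the bug thread or from Mozilla): a Linux-side workaround for the concern raised above, that a runaway tab can take the whole machine down rather than just the browser. It launches Firefox inside a systemd transient scope with a cgroup memory cap, sized at 10% of total RAM as the reporter suggests, so that unbounded allocation (such as the history.pushState abuse tracked in bug 1314912) hits the cap and triggers the OOM killer inside the scope instead of system-wide. It assumes Linux with the cgroup v2 hierarchy, a user systemd instance (`systemd-run --user`), and `/proc/meminfo`; the function names, the `MEM_LIMIT_PCT`/`MEMINFO` variables and the `--launch` flag are this example's own.

```shell
#!/bin/sh
# Added example, not from the bug thread or Mozilla: run Firefox inside a
# systemd transient scope with a cgroup memory cap, so a page that
# allocates without bound (e.g. the history.pushState abuse tracked in
# bug 1314912) hits the cap and gets OOM-killed inside the scope, instead
# of the whole machine swapping or unrelated programs being killed.
# Assumptions: Linux, cgroup v2, a user systemd instance, /proc/meminfo.
# The 10% default follows the reporter's suggestion; MEM_LIMIT_PCT or the
# first argument overrides it.

# Total RAM in kB (MemTotal in /proc/meminfo is always reported in kB).
# MEMINFO may point at another file, which is how this example is tested.
mem_total_kb() {
    awk '/^MemTotal:/ { print $2; exit }' "${MEMINFO:-/proc/meminfo}"
}

# Memory cap in bytes: PCT percent of total RAM, but never below 1 GiB,
# so the browser itself can still start on small machines.
firefox_mem_cap_bytes() {
    pct=${1:-${MEM_LIMIT_PCT:-10}}
    total_kb=$(mem_total_kb)
    cap=$(( total_kb * 1024 * pct / 100 ))
    min=$(( 1024 * 1024 * 1024 ))
    if [ "$cap" -lt "$min" ]; then
        cap=$min
    fi
    printf '%s\n' "$cap"
}

# The launch command. MemoryMax= is a hard cap: once it is reached the
# kernel OOM killer acts only on processes inside the scope.
# MemorySwapMax=0 keeps the tab from turning the cap into a swap storm
# instead of a clean kill.
firefox_capped_cmd() {
    cap=$(firefox_mem_cap_bytes "$1")
    printf 'systemd-run --user --scope -p MemoryMax=%s -p MemorySwapMax=0 firefox\n' "$cap"
}

# Only launch when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--launch" ]; then
    cmd=$(firefox_capped_cmd "${2:-}")
    echo "Running: $cmd"
    exec $cmd
fi
```

Usage: `sh firefox-capped.sh --launch` (or `--launch 25` for a 25% cap). Because Firefox's content processes are children of the launched process, they land in the same scope, and when the cap is hit the OOM killer typically picks the bloated content process, which Firefox then reports as a crashed tab while the rest of the system keeps running. On the legacy cgroup v1 hierarchy the corresponding property is `MemoryLimit=`, and `MemorySwapMax=` is unavailable.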
The crashsafari/history.pushState abuse is tracked in bug 1314912. The other bug you cite is tracked in that other bug. Filing duplicates isn't going to help get it fixed.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Sorry, did not intentionally file a duplicate. (Wasn't aware the crashsafari issue already exists, and the other one I stumbled across afterwards by pure chance)