Closed
Bug 275937
Opened 20 years ago
Closed 20 years ago
<img src="mailto:x"> opens default mail-client without user interaction
Categories
(Core :: DOM: HTML Parser, defect)
RESOLVED
DUPLICATE
of bug 181860
People
(Reporter: bjorn, Unassigned)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Multiple <img src="mailto:#"> (where # is a random string) in a HTML-page can easily crash the whole system by opening 100's of "Compose E-mail"-windows. Proof of concept at http://psionicist.online.fr/intebra.html (will open three windows).

Reproducible: Always

Steps to Reproduce:
1. Create a HTML-page that looks like this:
   <html>
   <img src="mailto:1">
   <img src="mailto:2">
   <img src="mailto:3">
   <img src="mailto:...">
   <img src="mailto:n">
   </html>
2. Save document.
3. Open it in browser.
(4.) Optionally, craft a JavaScript that will output 1000's of <img src="mailto:x">-strings.

Actual Results:
Several windows were created without user interaction.

Expected Results:
Nothing. <img src="x"> should not be allowed to open mailto: or protocols other than http: and ftp:

Also affects Internet Explorer, Outlook Express, and Mozilla Thunderbird. This is a really old trick exploited in the JS.WindowBomb virus and I have only seen it "in the wild" once, but it is highly annoying and can potentially wreak havoc in HTML e-mails as well.
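
The restriction asked for under "Expected Results" can be checked on the content side, for example in a filter for HTML e-mail or user-submitted pages. The following is an added example, not part of the bug report or of Mozilla's code: the names url_scheme, ImgSrcAuditor and audit_img_sources, the allowlist and the sample page are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Allowlist taken from the report's "Expected Results"; extend it to suit
# your own policy (https, for instance). Assumption of this example.
ALLOWED_IMG_SCHEMES = {"http", "ftp"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")  # RFC 3986 scheme


def url_scheme(value):
    """Return the lowercased scheme of a URL, or "" for a relative URL."""
    # Browsers drop surrounding whitespace and embedded tab/CR/LF in URLs.
    cleaned = value.strip().translate({9: None, 10: None, 13: None})
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else ""


class ImgSrcAuditor(HTMLParser):
    """Collects <img> tags whose src scheme is outside the allowlist."""

    def __init__(self):
        super().__init__()
        self.rejected = []  # (line number, scheme) per offending tag

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        for name, value in attrs:  # entity-encoded values arrive decoded
            scheme = url_scheme(value or "")
            if name == "src" and scheme and scheme not in ALLOWED_IMG_SCHEMES:
                self.rejected.append((self.getpos()[0], scheme))


def audit_img_sources(html_text):
    auditor = ImgSrcAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.rejected


# Constructed sample modelled on the page in the report.
SAMPLE_PAGE = """<html>
<img src="mailto:1">
<img src="MAILTO:2">
<img src=" &#109;ailto:3">
<img src="http://example.test/logo.png">
<img src="images/pic.png">
</html>"""

if __name__ == "__main__":
    for line, scheme in audit_img_sources(SAMPLE_PAGE):
        print(f"line {line}: <img src> uses disallowed scheme {scheme!r}")
```

The sample includes upper-case, whitespace-padded and entity-encoded variants because a filter that only matches the literal string mailto: would miss them.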
Comment 1•20 years ago
*** This bug has been marked as a duplicate of 181860 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE