Closed
Bug 351223
Opened 18 years ago
Closed 18 years ago
Neverending TAB/WINDOW Loop with RSS Feeds
Categories
(Firefox :: File Handling, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 167320
People
(Reporter: barry, Assigned: mconnor)
References
()
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2
Firefox, Prefernces, Feeds.
Set Firefox to be the "Chosen Application"
Click on feed link.
WALLAH - Windows or tabs will continue to open and open and open until crash - Firefox or System, depending on System.
Reproducible: Always
Steps to Reproduce:
Firefox, Prefernces, Feeds.
Set Firefox to be the "Chosen Application"
Click on feed link.
WALLAH - Windows or tabs will continue to open and open and open until crash - Firefox or System, depending on System.
Actual Results:
CRASH
Expected Results:
I imagine Forefox should detect an open window loop.
Seriously, this could be easily exploited to cause browser and system crashes at will.
Feel free to contact me if you are unable to replicate.
Updated•18 years ago
|
Flags: blocking-firefox2?
Whiteboard: [sg:dos]
Comment 1•18 years ago
|
||
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1) Gecko/20060925 BonEcho/2.0
I was unable to replicate. I did the following:
1) Set "Live Bookmark" as the default reader to use
2) Clicked on the URL field in the bug.
The feed was added normally. Did I miss something? If not can you try with RC1?
http://www.mozilla.org/projects/bonecho/all-rc.html
Reporter | ||
Comment 2•18 years ago
|
||
"Live Bookmarks" is not the chosen application (Mac OS X), use the "Choose Application" button, then select Firefox.app.
If browse preferences is set to tabbed browsing, tabs continue to open.
If browse preferences is set to windowed bowsing, windows continue to open.
Do not use a pre-existing Live Bookmark to view the feed, you must click on a feed URL to replicate.
Firefox should detect that it is being asked to open a document, and open that document accordingly, or refuse the document and pass the task to another program (else throw an error)...
Firefox should not continue to open the same document repeatedly until crash under any circumstance.
Comment 3•18 years ago
|
||
Ok - able to reproduce with those steps:
1) Choose application - select "Firefox.app or BonEcho.app"
2) Choose the URL in the bug
3) Watch lots of tabs open
Assignee: nobody → mconnor
Updated•18 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•18 years ago
|
||
dveditz is happy to wait for a point release where we prevent firefox from being chosen
Flags: blocking-firefox2? → blocking-firefox2-
Whiteboard: [sg:dos] → [sg:dos][Fx 2.0.0.1]
Reporter | ||
Comment 5•18 years ago
|
||
Waiting for a dot release would probably be the right decision based on the fact that you are at RC1.
I might suggest that handling the "Chosen Application" is not the issue however.
The issue in my opinion is that FireFox allows this looping at all, just because it is with an RSS feed today, it might be through another technology later, and could even be maliciously targeted and attacked.
FireFox should be able to recognize a chain of identical requests and protect the system from them. Just like a user accidentally double clicking a hundred images and being prompted (are you sure?)...
I might take the instance:
Check if the document is currently loaded.
If no, load it.
If yes, prompt user for confirmation.
Assignee | ||
Comment 6•18 years ago
|
||
this is annoying, but certainly not exploitable (since its triggered locally, not by web content)
also a fairly well-duped bug (duping to the older one, but there's another one with another dozen dupes)
easier to fix on mac, harder to fix on other platforms.
*** This bug has been marked as a duplicate of 167320 ***
Group: security
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dos][Fx 2.0.0.1]
You need to log in
before you can comment on or make changes to this bug.
Description
•