Closed Bug 769760 Opened 12 years ago Closed 12 years ago

The browser crashes on being served an infinite loop of window.open

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
14 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 685828

People

(Reporter: vatsalbakshi, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0
Build ID: 20120624012213

Steps to reproduce:

Entered <a href="javascript: while(1){window.open('http://www.google.com')}"> Hello</a> , while testing for a cross-site scripting vulnerability on an intentionally vulnerable application. 

Steps to reproduce:
1. point the browser to "http://google-gruyere.appspot.com/start/".
2. Create an account.
3. Click on new snippet.
4. Enter the above mentioned payload. 
5. Click on the rendered hyper-link.

This can be reproduced by entering the above payload on any website that is vulnerable to XSS, and entering the above mentioned payload with the inner javascript.


Actual results:

The browser crashed.


Expected results:

When tested on Chrome. The browser handles the requests by limiting the number of windows and does not crash.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.