Firefox DoS issue crashes the browser and sometimes the Windows OS

A security researcher discovered a bug affecting Firefox on Mac, Linux, and Windows that could crash the browser and in some cases the underlying OS.

The security researcher Sabri Haddouche from Wire discovered a bug that affects Firefox on Mac, Linux, and Windows that could crash the browser and in some cases the underlying PC.

Haddouche was focusing its analysis on vulnerabilities that affect major browsers (Chrome, Safari (WebKit), and Firefox), he published his findings on the Browser Reaper web site.

The expert published on the website the PoC code to crash Firefox on Macs and Linux systems, causing the browser displaying the Crash Reporter message.

The expert published the proof-of-concept code on GitHub.

The issue could have more severe effects on Windows because in some circumstance it caused the freezing of the operating system.

Researchers at ZDNet conducted some tests to verify which systems are affected by the bug.

“During our experiments, the DoS bug worked against the latest Firefox stable release, but also Firefox Developer and Nightly editions.” states ZDNet.

“The bug did not crash Firefox for Android instances, according to ZDNet’s tests. Firefox uses the WebKit engine on iOS, instead of its new Quantum engine, so iPhone and iPad users aren’t affected.”

“What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond,” Haddouche explained to ZDNet in an interview.

“It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox’s child and main process, making the browser at the very least freeze,” the researcher added.

The researcher reported the bug to Mozilla on September 23.

Haddouche discovered a few days ago a new CSS/HTML attack method that saturates Apple devices’ resources causing iPhone reboot or freezes Macs.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Firefox bug, DoS)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.