Bug found in Firefox that can crash your OS

Posted on Monday, September 24 2018 @ 13:42 CEST by Thomas De Maesschalck
Firefox logo
Security researcher Sabri Haddouche discovered a new vulnerability in Firefox that can crash now only the browser process on Windows machines, but also sometimes the entire operating system. Firefox browsers running on other operating systems are also affected, but in those cases the impact is limited to a browser crash. Mobile devices with Android or iOS do not seem affected.
"What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond. It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox's child and main process, making the browser at the very least freeze."

The problem is less alarming on Mac computers and Linux systems as the bug only kills the browser. ZDNet noted that the bug is classified as a form of denial of service (DoS) which affects the latest Firefox stable release, Firefox Developer, and the Nightly edition.
Via: Neowin




Loading Comments