A security researcher who two weeks ago found a bug that could crash all WebKit-based apps on iPhones, iPads, and Macs has now discovered another browser bug that can crash Firefox browsers, and sometimes the entire operating system underneath them.
The bug is just the latest addition to Browser Reaper, a web portal set up by Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire.
Haddouche has been researching denial of service (DoS) vulnerabilities as a hobby and has now identified one in every major browser engine: Chrome, Safari (WebKit), and Firefox.
His latest addition, the Firefox bug, will crash Firefox’s browser process on Macs and Linux systems, resulting in the browser showing its classic Crash Reporter popup.
On Windows, the bug is a little bit worse, as besides sometimes crashing the browser, the bug has also been observed freezing the entire operating system, requiring users to perform a hard reboot.
During our experiments, the DoS bug worked against the latest Firefox stable release, but also Firefox Developer and Nightly editions. The bug did not crash Firefox for Android instances, according to ZDNet’s tests. Firefox uses the WebKit engine on iOS, instead of its new Quantum engine, so iPhone and iPad users aren’t affected.
“What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond,” Haddouche told ZDNet in an interview.
“It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox’s child and main process, making the browser at the very least freeze,” the researcher added.
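One way a browser's main process could blunt this kind of flood, shown as an added example that is not Firefox's code or part of Haddouche's proof of concept: clamp the suggested filename and rate-limit scripted download prompts per origin before any dialog work is done. The class name, the limits, and the `example.test` origin are assumptions chosen for illustration.

```javascript
// Added illustration: a parent-process gate for download requests arriving
// from a content (child) process. All names and limits are assumptions.
const MAX_FILENAME_CHARS = 255;   // assumed cap on suggested filenames
const BURST = 3;                  // assumed prompts allowed back-to-back
const REFILL_MS = 2000;           // assumed: one new prompt token per 2 s

class DownloadGate {
  constructor() {
    this.buckets = new Map();     // origin -> { tokens, last }
  }

  // Returns { action: "prompt", filename } or { action: "drop" }.
  handle(origin, filename, nowMs, userGesture = false) {
    let b = this.buckets.get(origin);
    if (!b) {
      b = { tokens: BURST, last: nowMs };
      this.buckets.set(origin, b);
    }
    // Refill tokens for the time elapsed since the last refill, capped at BURST.
    const earned = Math.floor((nowMs - b.last) / REFILL_MS);
    if (earned > 0) {
      b.tokens = Math.min(BURST, b.tokens + earned);
      b.last += earned * REFILL_MS;
    }
    // A real user click bypasses the budget; scripted requests spend a token.
    if (!userGesture) {
      if (b.tokens === 0) return { action: "drop" };
      b.tokens -= 1;
    }
    // Clamp the name before it is copied into any IPC message or dialog.
    return { action: "prompt", filename: String(filename).slice(0, MAX_FILENAME_CHARS) };
  }
}

// Constructed input: one origin asking for a download every 1 ms for 5 s,
// each time with a 1,000,000-character filename.
function simulateFlood() {
  const gate = new DownloadGate();
  const longName = "A".repeat(1000000);
  let prompts = 0, dropped = 0, longest = 0;
  for (let t = 0; t < 5000; t++) {
    const r = gate.handle("https://example.test", longName, t);
    if (r.action === "prompt") { prompts++; longest = Math.max(longest, r.filename.length); }
    else dropped++;
  }
  return { prompts, dropped, longest };
}
```

With these assumed limits, the 5,000 scripted requests in the simulation collapse to five prompts, none carrying a filename longer than 255 characters.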
A proof-of-concept HTML page that triggers the bug has been hosted on GitHub. Accessing this link won’t crash your browser; it only reveals the test page’s source code.
Haddouche reported the bug to Mozilla’s staff earlier today. ZDNet readers can follow the bug report for more details and an upcoming Firefox update.