Mozilla Foundation Security Advisory 2014-20

onbeforeunload and Javascript navigation DOS

Announced

March 18, 2014

Reporter

Tim Philipp Schäfers, Sebastian Neef

Impact

Low

Products

Firefox, SeaMonkey

Fixed in

Firefox 28
SeaMonkey 2.25

Description

Security researchers Tim Philipp Schäfers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a denial of service (DOS) attack due to resource consumption and blocks the ability of users to exit the application.

References

hanging tab allows attackers to execute JS for a long time in the background, user is not able to close firefox normal (CVE-2014-1500)

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog