Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2014-1500

Source

Mozilla Foundation Security Advisory 2014-20

onbeforeunload and Javascript navigation DOS

Announced

March 18, 2014

Reporter

Tim Philipp Schäfers, Sebastian Neef

Impact

Low

Products

Firefox, SeaMonkey

Fixed in

Firefox 28
SeaMonkey 2.25

Description

Security researchers Tim Philipp Schäfers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a denial of service (DOS) attack due to resource consumption and blocks the ability of users to exit the application.

References

hanging tab allows attackers to execute JS for a long time in the background, user is not able to close firefox normal (CVE-2014-1500)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

onbeforeunload and Javascript navigation DOS

onbeforeunload and Javascript navigation DOS

Description

References

Vulmon Search

About

Products

Connect