Last week, a security researcher pointed out how a CSS-based attack could crash iPhones, iPads, and Mac devices. The same researcher has now come up with another interesting finding. He demonstrates how a new Firefox bug called Browser Reaper crashes a browser allowing for a denial of service. In fact, the same bug can crash Windows PCs as well. Exploit also ‘occasionally’ freezes entire OS on Windows. But he gave Mozilla short notice of the flaw.
Sabri Haddouche, a software engineer and a security researcher at encrypted instant messaging app Wire, said that the bug resides in the Firefox API that prompts automatic download and it can cause Firefox to crash on all major desktop operating systems – Mac, Linux and Windows.
Haddouche created the proof-of-concept (POC) exploit and published it this week on GitHub. Haddouche previously created and released several denial-of-service POCs that cause Chrome, Firefox and Safari web browsers to crash or freeze.
As explained, upon clicking a certain web-link abusing the buggy API, the browser may freeze in an attempt to handle the repeated download attempts of a file having an extensively long name. Since Firefox cannot handle downloading files with long names, such as one having more than 26,000 characters which was used in his demonstration, it eventually crashes following a DoS.
In explaining how the exploit works, Haddouche – who has reported the bug to Mozilla – told ZDNet that “What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond. It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox’s child and main process, making the browser at the very least freeze.”
This series of exploits is called Browser Reaper, and the latest one for Mozilla works on Firefox versions 62.0.2 and earlier. Haddouche has also created exploits that could crash an iPhone using CSS and HTML.