Browser Reaper: exploit causes Firefox to crash
A security researcher has developed an attack that exploits a Firefox bug, making it possible to crash the web browser.
By simply visiting a specially crafted website, it is possible to kill Firefox, and the problem affects all versions of the web browser, including Beta and Nightly builds. In some circumstances, in addition to taking down the browser, the attack can cause the host operating system to crash as well.
In addition to sharing the exploit on Browser Reaper, Haddouche went public with his findings on Twitter:
(and yes, it includes a crash / freeze for Firefox and its source code as promised) pic.twitter.com/Q6UlBWIXe6
— Sabri (@pwnsdx) September 23, 2018
Speaking to BleepingComputer, Haddouche explained:
What happens is that we generate a file (a blob) that contains an extremely long filename and prompt the user to download it every 1ms, therefore it floods the IPC channel between the child and main process, making the browser at the very least freeze.
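From the defender's side, the two properties named in that description (an oversized filename and a download prompt every 1 ms) are both things a browser can bound before a request crosses the IPC channel. The sketch below is an added example, not code from the article, the researcher or Firefox; `DownloadGate`, `simulateFlood` and the three limits are hypothetical names and values chosen for illustration, and the request stream is constructed.

```javascript
// Added illustration: a per-origin gate for download requests, meant to run
// before a request is forwarded to the main process. Limits are assumptions.
const MAX_FILENAME_LEN = 255; // assumed cap on filename length
const BUCKET_CAPACITY = 3;    // assumed burst of downloads allowed per origin
const REFILL_MS = 1000;       // assumed refill rate: one token per second

class DownloadGate {
  constructor() {
    this.buckets = new Map(); // origin -> { tokens, last }
  }

  // Returns { allow, reason } for one download request at time nowMs.
  check(origin, filename, nowMs) {
    // Reject oversized names outright so they never reach the IPC channel.
    if (filename.length > MAX_FILENAME_LEN) {
      return { allow: false, reason: "filename-too-long" };
    }
    let b = this.buckets.get(origin);
    if (!b) {
      b = { tokens: BUCKET_CAPACITY, last: nowMs };
      this.buckets.set(origin, b);
    }
    // Token bucket: add one token per elapsed REFILL_MS, up to capacity.
    const refill = Math.floor((nowMs - b.last) / REFILL_MS);
    if (refill > 0) {
      b.tokens = Math.min(BUCKET_CAPACITY, b.tokens + refill);
      b.last += refill * REFILL_MS;
    }
    if (b.tokens === 0) return { allow: false, reason: "rate-limited" };
    b.tokens -= 1;
    return { allow: true, reason: "ok" };
  }
}

// Constructed input: `count` requests from one origin, `intervalMs` apart.
function simulateFlood(gate, origin, filename, count, intervalMs) {
  const tally = { "ok": 0, "rate-limited": 0, "filename-too-long": 0 };
  for (let i = 0; i < count; i++) {
    tally[gate.check(origin, filename, i * intervalMs).reason] += 1;
  }
  return tally;
}

// One second of requests at 1 ms spacing, with a short and an oversized name.
const shortName = simulateFlood(new DownloadGate(), "https://example.test", "report.pdf", 1000, 1);
const longName = simulateFlood(new DownloadGate(), "https://example.test", "A".repeat(4096), 1000, 1);
console.log(shortName, longName);
```

With these limits only the initial burst of requests is forwarded in the first second; the rest are dropped at the gate, and a later single download from the same origin is allowed again once the bucket refills.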