Browser Reaper: exploit causes Firefox to crash

Browser Reaper

A security researcher has developed an attack that exploits a Firefox bug, making it possible to crash the web browser.

Sabri Haddouche used his Browser Reaper website to share a live test version of the exploit -- the site is also home to exploits for Chrome and Safari. The Firefox attack uses JavaScript to crash or freeze the browser, with the effect of the exploit depending on whether the browser is running on Linux, Windows or macOS.

See also:

By simply visiting a specially-crafted website, it is possible to kill Firefox, and the problems affects all versions of the web browser including Beta and Nightly builds. In some circumstances, in addition to taking down the browser, the attack can cause the host operating system to crash as well.

In addition to sharing the exploit on Browser Reaper, Haddouche went public with his findings on Twitter:

Speaking to BleepingComputer, Haddouche explained:

What happens is that we generate a file (a blob) that contains an extremely long filename and prompt the user to download it every 1ms, therefore it flood the IPC channel between the child and main process, making the browser at the very least freeze.

The source code for the exploit can be found on GitHub. The problem has been reported to Mozilla, but no patch has yet been created. It is possible to avoid the problem by disabling JavaScript, or using a tool such as NoScript.

© 1998-2018 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.