Bugs that shut down certain applications like a web browser are not uncommon, but those that can also crash your PC is a bit more worrying. That's what a new bug found in Firefox is capable of, as revealed by Sabri Haddouche, a software engineer and security researcher who also recently disclosed a vulnerability that could crash an iPhone and freeze Microsoft Edge, Safari, and Internet Explorer.
Haddouche claimed that the new Firefox bug has the ability to crash the browser's process on Windows machines and sometimes freeze the entire operating system. As a result, a hard reboot needs to be performed on the affected PC. The bug was also announced via his Twitter account:
Haddouche said in an interview with ZDNet, explaining the bug's behavior:
"What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond. It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox's child and main process, making the browser at the very least freeze."
The problem is less alarming on Mac computers and Linux systems as the bug only kills the browser. ZDNet noted that the bug is classified as a form of denial of service (DoS) which affects the latest Firefox stable release, Firefox Developer, and the Nightly edition.
The bug does not seem to work on Firefox for Android. Apple devices such as the iPhone and iPad are not affected as well. Nonetheless, Haddouche's latest disclosure highlights the growing spread of DoS vulnerabilities to major browsers which include Chrome and Safari.
Source: Sabri Haddouche (Twitter) via ZDNet
4 Comments - Add comment