It has been discovered that Mozilla Firefox web browser has a Denial of Service (DoS) bug that makes it crash.
It was Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, that discovered it. He found that the bug can cause Firefox to crash on all major desktop operating systems, which include Windows, Mac and Linux.
On Windows and Mac, the bug can make Firefox to crash and show its usual Crash Reporter pop-up. The bug not only crashes Firefox, but also capable of "occasionally" freezing the entire OS, requiring users, especially Windows users who are affected the most, to perform a hard reboot.
Haddouche who reported the bug to Mozilla, explained that "the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond."
"It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox's child and main process, making the browser at the very least freeze," he added.
(and yes, it includes a crash / freeze for Firefox and its source code as promised) pic.twitter.com/Q6UlBWIXe6
— Sabri (@pwnsdx) September 23, 2018
In Haddouche's demo of the bug, he created a file with a name over 26,000 characters long. "You can't download it," he said. "Firefox cannot recover and needs to be restarted by force."
The bug was discovered on all Firefox stable releases, as well as Firefox Developer and Nightly editions, on those three popular desktop operating systems.
But on Mozilla's iOS and Android apps which use the WebKit engine as opposed to Mozilla's Quantum engine, the bug didn't do anything.
In some cases, the bug can also crash Google's Chrome browser by filling it up with repeated download requests. A temporary fix for either browser involves going into the software's settings and blocking it from automatically running JavaScript.
A proof-of-concept HTML page that triggers the bug has been posted on GitHub.
News of the bug comes just days after Mozilla released its much-hyped Firefox Reality browser, a "built from the ground up" version of Firefox Quantum designed specifically for users who want to browse the web using VR headsets.
The news also comes about a week after Haddouche disclosed a CSS-based bug capable of restarting Apple devices and freezes Microsoft browsers.