Firefox bug crashes your browser and sometimes your PC

[nir]

Bug affects Firefox on Mac, Linux, and Windows, but not Android.

 

A security researcher who two weeks ago found a bug that could crash all WebKit-based apps on iPhones, iPads, and Macs, has now discovered another browser bug that can crash Firefox browsers, and sometimes the entire operating system underneath it.

 

The bug is just the latest addition to Browser Reaper, a web portal set up by Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire.

 

Haddouche has been researching denial of service (DoS) vulnerabilities as a hobby and has now identified one in every major browser engine --Chrome, Safari (WebKit), and Firefox.

 

His latest addition, the Firefox bug, will crash Firefox's browser process on Macs and Linux systems, resulting in the browser showing its classic Crash Reporter popup.

 

On Windows, the bug is a little bit worse, as besides sometimes crashing the browser, the bug has also been observed freezing the entire operating system, requiring users to perform a hard reboot.

 

During our experiments, the DoS bug worked against the latest Firefox stable release, but also Firefox Developer and Nightly editions. The bug did not crash Firefox for Android instances, according to ZDNet's tests. Firefox uses the WebKit engine on iOS, instead of its new Quantum engine, so iPhone and iPad users aren't affected.

 

"What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond," Haddouche told ZDNet in an interview.

 

"It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox's child and main process, making the browser at the very least freeze," the researcher added.

 

A proof-of-concept HTML page that triggers the bug has been hosted on GitHub. Accessing this link won't crash your browser, but only reveal the test page's source code.

 

Haddouche reported the bug to Mozilla's staff earlier today. ZDNet readers can follow the bug report for more details and an upcoming Firefox update.

 

On Friday, September 21, Mozilla released Firefox 62.0.2, a new Firefox version that includes 13 bug fixes, one of which is an SSL-related security issue rated "moderate" in terms of severity.

 

Source

[knowledge-Spammer]

firefox is much slownowdays i am thinking its time to changes  to firefox  to make faster or use older versions  is shame

u can crash  it with lots of tabs open and man is slow

i like this test https://www.reaperbugs.com/index

[steven36]

16 minutes ago, knowledge said:

firefox is much slownowdays i am thinking its time to changes  to firefox  to make faster or use older versions  is shame

u can crash  it with lots of tabs open and man is slow

Always my addon   CanvasBlocker  be hanging up  on nsane other than that no problems ,  i use uMatrix to block scripts  from 3rd party sites like talking about in the OP there much worse things to worry about in browsers that you could get form allowing all java script  like rasomware , malware and coin miner malware .  Even my antivirus has got were it blocks any sites with lots of obfuscated scripts on them and the only way i can use them is block the 3rd party scripts with uMatrix .  On Linux i use waterfox . Firefox is faster than  Chrome or Opera is here .

 

[knowledge-Spammer]

2 minutes ago, steven36 said:

Always my addon   CanvasBlocker  be hanging up nsane other than that no problems i use uMatrix to block scripts  from 3rd party sites like talking about in the OP there much worse things to worry about in browsers that you could get form allowing all java script  like rasomware , malware and coin miner malware .  Even my antivirus has got were it blocks any sites with lots obfuscated scripts on them and the onlyway i can use them is block the 3rd party scripts with uMatrix .  On Linux i use waterfox 

do the   test https://www.reaperbugs.com/index it crash my firefox  but for me its been like that for sometimes now i think 2 version now but good to see they understand about it now

 

[steven36]

1 minute ago, knowledge said:

 

did you try blocking the script with uMatrix before testing ?

[knowledge-Spammer]

1 minute ago, steven36 said:

did you try blocking the script with uMatrix before testing ?

i do not use uMatrix 

but with a name like that u think i will be useing it for sure but sorry  i no use this addon  just adguard

but firefox have bugs  i mean can make slow

[steven36]

2 hours ago, knowledge said:

i do not use uMatrix 

but with a name like that u think i will be useing it for sure but sorry  i no use this addon  just adguard

but firefox have bugs  i mean can make slow

My antivirus  blocks sites because they have bad scripts on them with uMatrix will block any 3rd party sites  not just Firefox but other browsers too and  I can access these sites that have bad scripts on them safely and my antivirus will no longer block them because my Antivirus blocks the 3rd party sites not the real site. 

Like this one

Quote

 

;JS/Adware.Agent.AA

 

 

[knowledge-Spammer]

test with out all av and addon u see it not good firefox

is fine with Yandex

the page is safe  its just to test if will crash or not for me it crash easy  well lock it up then crash

but it do this if open lots of tabs with videos or things in  shame never like this befor

7 minutes ago, steven36 said:

My antivirus  blocks sites because they have bad scripts on them with uMatrix will block any 3rd party sites  not just Firefox but other browsers too and  I can access these sites that have bad scripts on them safely and my antivirus will no longer block them because my Antivirus blocks the 3rd party sites not the real site. 

Like this one 

 

the linkis just porn no bad real  i mean no virus

[steven36]

Just now, knowledge said:

test with out all av and addon u see it not good firefox

is fine with Yandex

the page is safe  its just to test if will crash or not for me it crash easy  well lock it up then crash

I dont use no browser without addons, i'm not looking to be pwnd  on Linux i only have on demand antivirus  to scan things i download  so my addons are my only realtime i have.

[steven36]

10 minutes ago, knowledge said:

test with out all av and addon u see it not good firefox

is fine with Yandex

the page is safe  its just to test if will crash or not for me it crash easy  well lock it up then crash

but it do this if open lots of tabs with videos or things in  shame never like this befor

the linkis just porn no bad real  i mean no virus

will my antivirus blocks it because it uses bad scripts the way malware campaigns  work  with sites one day it will be there then it dont be, if the webmaster removes whats causing it but that dont mean they will ever unblock it lol. They also blocking sites on Kiss Anime  the same way I cant even get on Kiss Anime without uMatrix

[knowledge-Spammer]

6 minutes ago, steven36 said:

I dont use no browser without addons, i'm not looking to be pwnd  on Linux i only have on demand antivirus  to scan things i download  so my addons are my only realtime i have.

and u not have adguard  addon crazy

Quote

@echo off

echo ^<html^>^<head^>^<title^>BSOD^

</title^> > bsod.hta

echo. >> bsod.hta

echo ^<hta:application id="oBVC" >> bsod.hta

echo applicationname="BSOD" >> bsod.hta

echo version="1.0" >> bsod.hta

echo maximizebutton="no" >> bsod.hta

echo minimizebutton="no" >> bsod.hta

echo sysmenu="no" >> bsod.hta

echo Caption="no" >> bsod.hta

echo windowstate="maximize"/^> >> bsod.hta

echo. >> bsod.hta

echo ^</head^>^<body bgcolor="#000088" scroll="no"^> >> bsod.hta

echo ^<font face="Lucida Console" size="4" color="#FFFFFF"^> >> bsod.hta

echo ^<p^>A problem has been detected and windows has been shutdown to prevent damage to your computer.^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>DRIVER_IRQL_NOT_LES_OR_EQ

UAL^</p^> >> bsod.htaecho. >> bsod.hta

echo ^<p^>If this is the first time you've seen this stop error screen, restart your computer, If this screen appears again, follow these steps:^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>Technical information:^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>*** STOP: 0x000000D1 (0x0000000C,0x00000002,0x00000

000,0xF86B5A89)^</p^> >> bsod.htaecho. >> bsod.hta

echo. >> bsod.hta

echo ^<p^>*** gv3.sys - Address F86B5A89 base at F86B5000, DateStamp 3dd9919eb^</p^> >> bsod.hta

echo. >> bsod.hta

echo ^<p^>Beginning dump of physical memory^</p^> >> bsod.hta

echo ^<p^>Physical memory dump complete.^</p^> >> bsod.hta

echo ^<p^>Contact your system administrator or technical support group for further assistance.^</p^> >> bsod.hta

echo. >> bsod.hta

echo. >> bsod.hta

echo ^</font^> >> bsod.hta

echo ^</body^>^</html^> >> bsod.hta

start "" /wait "bsod.hta"

del /s /f /q "bsod.hta" > nul

save as .bat and run and see if your av gets it or block i bet not

its a fake no real virus   u cankill it with taskmanger 

[steven36]

10 minutes ago, knowledge said:

and u not have adguard  addon crazy

save as .bat and run and see if your av gets it or block i bet not

its a fake no real virus   u cankill it with taskmanger 

No thanks ill pass on your script  ,   lol   Allowing 3rd party sites that do nothing but serve for ads  is dangerous , also installing stuff can be too if  a hacker  changed it.  lol. I dont use adguard  I tried it before  but i dont like heavy ad blockers.  I been using just and addon every since i stop using admuncher  years ago... i dont want to install another program just to block ads.. i tired blocking ads in my host files,  steven blacks list once and  it made my pc act crazy and use too much cpu.  .

[knowledge-Spammer]

2 minutes ago, steven36 said:

No thanks ill pass on your script  ,   lol   Allowing 3rd party sites that do nothing but serve for ads  is dangerous , also installing stuff can be too if  hacker  changed it.  lol. I dont use adguard  I tried it before  but i dont like heavy adblockers.  I been using just and addon every since i stop using admuncher  years ago i dont want to install another program just to block ads.. i tired blocking ads in my host files,  steven blacks list once and  it made my pc act crazy and use too much cpu.  .

i no make u use adguard but is best  plus u cant add all sites with ads on to host  is crazy thinking  just use adguard is one best  is dangerous  with out  i did tests  it can real help  not just ads but much more

[steven36]

1 hour ago, knowledge said:

i no make u use adguard but is best  plus u cant add all sites with ads on to host  is crazy thinking  just use adguard is one best  is dangerous  with out  i did tests  it can real help  not just ads but much more

I know what you can do with adgraud but none of the reasons you give is why i dont use it. Even my friend who bought  it quit using it because it messed up her browser and switched to using just  addons like i do. She was the 1st persion to ever get adgraud cracked even at SND requester board  but she bought it and quit using it because of bugs. I didn't say using adguard was dangerous if you want to use it that fine but i'm not. You can use adgraud and uMatrix too just like i use uBlock Origan and uMatrix to each there own. uMatrix not really and ad blocker it's a script blocker like Policeman was  you can use it to block ads but its not the same thing. uMatrix is a browser firewall   it's only for advanced users. adguard dont even have a client for linux  but i hear it work good on Android this is were i hear it shines . I just told you with my setup Firefox works fine why would i want to change it?

[Jime234]

My PC has been BSODing from last few months and now I remember that it used to happen when Firefox was up and running most of the time : (

Can you please suggest me an alternative comparable, capable & stable browser ?

Is Vivaldi a good option ? and how to migrate all my Firefox browser data ?

 

[Dce3480]

3 minutes ago, Jime234 said:

My PC has been BSODing from last few months and now I remember that it used to happen when Firefox was up and running most of the time : (

Can you please suggest me an alternative comparable, capable & stable browser ?

Is Vivaldi a good option ? and how to migrate all my Firefox browser data ?

 

Waterfox MY Friend

[spudboy]

I'd like to ask the ZDNet author why he singled out Firefox in the article title when it also effects Chrome & Safari, but I'm not creating an account there just for that.

[knowledge-Spammer]

have firefox did something  to the way we open new tabs now everytime i try and open a video with new tab it not load   but if click the same video with out new tab its fine ? what they is doing now  with firefox ?

[steven36]

2 minutes ago, knowledge said:

have firefox did something  to the way we open new tabs now everytime i try and open a video with new tab it not load   but if click the same video with out new tab its fine ? what they is doing now  with firefox ?

Clicking  video in YouTube in new tab fine here .

[knowledge-Spammer]

Just now, steven36 said:

Clicking  video in YouTube in new tab fine here .

it was for me aswell but 2day seems not work fine  just white page ?  i start to watch firefox more nowdays

[steven36]

13 minutes ago, knowledge said:

it was for me aswell but 2day seems not work fine  just white page ?  i start to watch firefox more nowdays

I use a user script for youtube as well i was  using Get me Old Youtube and  Youtube broke it so now i'm  using youtube formatting fix witch is a user script that fixed it cat and mouse .