Recently, a well-known security researcher, Sabri Haddouche has discovered a new attack that has the ability to block or freeze Firefox on your computer. To make the browser to crash, all that is required is that the user has to visit a webpage with malicious JavaScript code embedded. In recent months, the well-known security researcher, Sabri Haddouche has been devoting himself to investigating denial-of-service attacks that cause most-used web browsers to block or freeze. Without going any further, last week this expert made known an attack developed by him that reboots the iPhone and slows the Mac. On this occasion, the researcher has focused on finding a vulnerability in the Mozilla’s well-known web browser, of course, the Firefox that allows him to block or restart Firefox, and finally he has found a way to do it. As on other occasions, the attack is very easy to execute, since it is triggered at the moment in which a user accesses a website with a malicious JavaScript code.
— Sabri (@pwnsdx) September 23, 2019 In particular, the attack works by overloading the IPC (Inter-Process Communication) channel between the main browser process and a secondary process, which causes the program to freeze and crash. “What happens is that we generate a file that contains an extremely long file name and we ask the user to download it every 1ms, which causes the IPC channel to be flooded,” says the well-known security researcher, of course, Sabri Haddouche. But this is not all. If the attack continues to overload the IPC channel, it may begin to consume the computer’s resources in large quantities, which at the same time may cause the operating system to crash. The well-known security researcher, of course, I am talking about the Sabri Haddouche has tested the effectiveness of his attack in the latest versions of Firefox Quantum, Firefox Beta and the desktop clients of Firefox Nightly. Of course, the browser version for mobile devices, fortunately, is not affected by this attack. However, now according to the latest reports, Mozilla has already started working to solve the problem and prevent the attack from being used. So, what do you think about this new critical Firefox bug? Simply share all your views and thoughts in the comment section below.
Δ