Endpoint Vulnerability

onbeforeunload and Javascript navigation DOS

Description

Security researchers Tim Philipp Sch fers and Sebastian Neef, the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page's tab and causing the browser to become unresponsive. This allows for a denial of service (DOS) attack due to resource consumption and blocks the ability of users to exit the application.

Affected Products

Firefox

References

CVE-2014-1500,