A security researcher who two weeks ago found a bug that could crash all WebKit-based apps on iPhones, iPads, and Macs, has now discovered another browser bug that can crash Firefox browsers, and sometimes the entire operating system underneath it.
The bug is just the latest addition to Browser Reaper, a web portal set up by Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire.
Haddouche has been researching denial of service (DoS) vulnerabilities as a hobby and has now identified one in every major browser engine --Chrome, Safari (WebKit), and Firefox.
His latest addition, the Firefox bug, will crash Firefox's browser process on Macs and Linux systems, resulting in the browser showing its classic Crash Reporter popup.
On Windows, the bug is a little bit worse, as besides sometimes crashing the browser, the bug has also been observed freezing the entire operating system, requiring users to perform a hard reboot.
During our experiments, the DoS bug worked against the latest Firefox stable release, but also Firefox Developer and Nightly editions. The bug did not crash Firefox for Android instances, according to ZDNet's tests. Firefox uses the WebKit engine on iOS, instead of its new Quantum engine, so iPhone and iPad users aren't affected.
"What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond," Haddouche told ZDNet in an interview.
Also: Here's Google's biggest secret to not failing at security TechRepublic
"It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox's child and main process, making the browser at the very least freeze," the researcher added.
A proof-of-concept HTML page that triggers the bug has been hosted on GitHub. Accessing this link won't crash your browser, but only reveal the test page's source code.
Haddouche reported the bug to Mozilla's staff earlier today. ZDNet readers can follow the bug report for more details and an upcoming Firefox update.
Previous and related coverage:
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.
This simple advice will help to protect you against hackers and government surveillance.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
If you can't answer these basic questions, your security could be at risk.
Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.
Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.