Using malicious JavaScript, Mozilla Firefox can crash or freeze by having a victim visit a specific website through the browser. The source code for the attack was released last Friday by researcher Sabri Haddouche, who dubbed the series of browser bugs “Browser Reaper” and claimed it can crash version 62.0.2 of Firefox. He also has source code that can infect Chrome versions 69 and OS 69, along with Safari versions iOS and macOS 9.0 through 12.0. All three of the PoC attacks are unique in their own right. iOS devices can be crashed using cascading style sheets and HTML code, while Chrome browsers can be shut down by simply using one line of JavaScript. The Firefox bug spawns a long name file and the system then tries to download once every millisecond, causing the IPC channel to overload. In turn, it freezes or crashes the browser. Tests were run on both Linux and Mac systems, which triggered a Mozilla Crash Report notification. At this time, there is no known way to mitigate the attack and Mozilla has yet to respond. They have been notified and are developing a file download limitation to prevent flooding of the channel.
