Anyone who uses Firefox will know Mozilla has done plenty over recent years to prevent bugs that crash the browser. Bugs that crash Firefox used to be common but are now thankfully not regularly occurring events. However, a new vulnerability in the browser has the potential to crash the program and the OS on Windows PCs.
In other words, the bug could result in machines crashing and needing to be hard rebooted. Software engineer and security researcher Sabri Haddouche already disclosed a flaw that leads to Safari, Internet Explorer, and Microsoft Edge crashing on iPhones.
It seems this bug has wider consequences on Windows devices when running through Firefox. Haddouche says the vulnerability harms the running process of the browser and can freeze the whole OS.
The researcher spoke to ZDNet about how the vulnerability manifests:
“What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond. It, therefore, floods the IPC (Inter-Process Communication) channel between Firefox's child and main process, making the browser at the very least freeze.”
— Sabri (@pwnsdx) September 23, 2018
Interestingly, the vulnerability seems to be a problem for Windows machines. On Mac or Linux-based computers, the bug is observable and present, although it will only crash the browser. Inconvenient yes, but at least no potentially damaging hard reboot is necessary.
The bug affects the latest stable build of Firefox. It is also present in the preview branches of Developer and Nightly editions. Firefox is a cross-platform browser these days, but the difference of the Android and iOS apps means the browser is not affected on those devices.
We guess Mozilla will be eager to implement a fix for this problem. Having said that, the company has yet to respond to the disclosure.