Firefox Quantum, Beta and Nightly Affected by ‘Reap Firefox’ Crash Attack

A vulnerability in the current Firefox browser has been disclosed in a blog post by the security researcher who devised this attack, Sabri Haddouche. He described a bug that can crash the browser, and possibly the operating system as well, with a ‘Reap Firefox’ attack. The vulnerability affects Firefox versions running on Linux, macOS and Windows.
In a tweet, he summarised the new discovery.
After #Mailsploit, releasing #BrowserReaper so you can kill your browser.
More information: https://t.co/9Ls3AKps72— @sabri@mastouille.fr on Mastodon (@pwnsdx) September 23, 2018
On reaperbugs.com, Haddouche provided tests for various browsers, including REAP Chrome, REAP Safari and REAP Firefox. Clicking the REAP Firefox icon in Firefox brings up a dialog box with a warning. If the user confirms it, the Firefox browser freezes immediately afterwards. On Windows 7 SP1, it was not possible to dismiss the dialog box simply by pressing the Close button, or even to end the process through Task Manager, because of the amount of memory being requested. The system remained busy and could only be shut down by holding the power button for several seconds.
How the Bug Works
Borncity.com gave a detailed write-up of how this bug actually works. The attack floods the IPC channel used for interprocess communication between the main Firefox browser process and a subprocess. This makes the browser freeze and ultimately leads to its crash. Haddouche reported the same mechanism. In an interview with BleepingComputer he commented, “What happens is that we generate a file (a blob) that contains an extremely long filename and prompt the user to download it every 1ms, therefore it floods the IPC channel between the child and main process, making the browser at the very least freeze.”
More specifically, a file with a very long filename is generated, and the page prompts the user to download this file every one minute. This floods the IPC channel between the main process and the child process and, in the end, freezes the browser. If a user visits a page that uses this attack with the desktop version of Firefox, the browser stops responding, and the user may see a message such as “Firefox has stopped responding”. In the worst case, the browser crashes completely and may even take the operating system down with it. The attack most likely only works if JavaScript is enabled.
Currently, the attack affects users of Firefox Beta, Firefox Quantum and Firefox Nightly. It does not affect users of the Firefox mobile browser. Haddouche also suggested a possible fix to BleepingComputer: Firefox should prevent web sites from downloading multiple files at once without the user’s permission.