A vulnerability in the current Firefox browser has been disclosed in a blog post by security researcher Sabri Haddouche, who is also the creator of this bug. He described a ‘Reap Firefox’ attack that crashes the browser and possibly the operating system as well. The vulnerability affects Firefox versions running on Linux, macOS and Windows.
In a tweet, he laid out the details of the discovery.
— sh (@pwnsdx) September 23, 2018
On reaperbugs.com, Haddouche provided a test for various browsers, including REAP Chrome, REAP Safari and REAP Firefox. Clicking the REAP Firefox icon in Firefox brings up a dialog box with a warning. If the user confirmed it, the Firefox browser froze immediately. On Windows 7 SP1, the dialog box could not be dismissed with the Close button or even through Task Manager, because of the amount of memory being requested. The system remained busy and could only be switched off by holding down the power switch.
How the Bug Works
Borncity.com gave a detailed walkthrough of how this bug works. The attack floods the IPC (inter-process communication) channel between the main Firefox browser process and a subprocess. As a result, the browser freezes and ultimately crashes. Haddouche reported the same. In an interview with BleepingComputer, he commented, “What happens is that we generate a file (a blob) that contains an extremely long filename and prompt the user to download it every 1ms, therefore it floods the IPC channel between the child and main process, making the browser at the very least freeze.”
Currently, the attack affects users of Firefox Beta, Firefox Quantum and Firefox Nightly. It does not affect users of the Firefox mobile browser. Haddouche also gave BleepingComputer a possible fix for the bug: Firefox needs to prevent websites from downloading multiple files at once without permission.
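The fix Haddouche suggests can be modelled as a per-origin gate that sits in front of the channel to the main process. The sketch below is an added illustration, not Firefox code and not from Haddouche's post; the `DownloadGate` class, the `askUser` callback and the `example.test` origin are all hypothetical names chosen for the example.

```javascript
// Model of a per-origin gate for automatic downloads (hypothetical, not Firefox code).
class DownloadGate {
  constructor(askUser) {
    this.askUser = askUser; // models the permission prompt: origin -> boolean
    this.state = new Map(); // origin -> "first-used" | "allowed" | "blocked"
    this.forwarded = 0;     // requests passed on to the main process
    this.prompts = 0;       // permission prompts shown to the user
  }

  // Returns true if the download request may be forwarded to the main process.
  request(origin, userGesture) {
    if (userGesture) {            // a real click on a link always passes
      this.forwarded++;
      return true;
    }
    const seen = this.state.get(origin);
    if (seen === undefined) {     // first automatic download: allowed once
      this.state.set(origin, "first-used");
      this.forwarded++;
      return true;
    }
    if (seen === "first-used") {  // second one: ask once and remember the answer
      this.prompts++;
      this.state.set(origin, this.askUser(origin) ? "allowed" : "blocked");
    }
    if (this.state.get(origin) === "allowed") {
      this.forwarded++;
      return true;
    }
    return false;                 // dropped before it reaches the IPC channel
  }
}

// Constructed input: one origin requesting a download every 1 ms for one second.
function simulate(askUser, requests = 1000) {
  const gate = new DownloadGate(askUser);
  for (let t = 0; t < requests; t++) gate.request("https://example.test", false);
  return { forwarded: gate.forwarded, prompts: gate.prompts };
}

console.log("user denies:", simulate(() => false));
console.log("user allows:", simulate(() => true));
```

When the user denies the prompt, only the first of the 1,000 requests reaches the main process, and the user sees a single prompt rather than one dialog per request.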