Hacker, Researcher and Author.

Puffin Web Browser Pop Up Recursion Vulnerability - DOS

During my recent security research on "Puffin Web Browser" I found several security bugs with "Puffin Web Browser" ranging from low to high risk issues. My recent post "Puffin Web Browser Address Bar Spoofing" already talked about a high risk vulnerability inside Puffin Web browser. 

However, today I would like to discuss about a low/medium risk issue known as "Pop Up Recursion" vulnerability resulting in a Denial Of Service. This is a known issue and in past has been already addressed in browsers such as Google Chrome, however Puffin Web Browser is still affected by the issue.  


The vulnerability occurred due to mishandling of location.reload function, as it keeps reloading the document, however the issue more likely is present inside of not limiting the pop ups or simply offering no way to ignore further prompts.

Expected Result

Puffin Web Browser should have opened a new window with single alert box.

What actually happened? 

Puffin Web Browser recursively opens up new window on pressing the ok button and there is no way to prevent the page from creating additional pop ups just like Chrome, IE etc. 

Puffin Web Browser

On pressing the "OK" button, it would reload the copy a current document in a new tab, on pressing "OK" on the second window, it would reload another copy of the current document in a new tab, this would keep growing until the browser finally crashes. 


In "Chrome" for android, this effect is limited by offering a checkbox to prevent the current document from creating additional dialogs.


The following is the simple proof of concept:
<title>Puffin Web Browser Pop Up Recursion DOS</title>
window = window.open(location.reload('http://rafayhackingarticles.net'));


Puffin Web Browser team has acknowledged the issue and have promised to fix them in next versions.

1 comment:

  1. Great work Bro !
    Can You upload your workshop video on YouTube ?

    My website : www.effecthacking.com


© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form


Email *

Message *

Powered by Blogger.