Puffin Web Browser Pop Up Recursion Vulnerability - DOS
|During my recent security research on "Puffin Web Browser" I found several security bugs with "Puffin Web Browser" ranging from low to high risk issues. My recent post "Puffin Web Browser Address Bar Spoofing" already talked about a high risk vulnerability inside Puffin Web browser. |
However, today I would like to discuss about a low/medium risk issue known as "Pop Up Recursion" vulnerability resulting in a Denial Of Service. This is a known issue and in past has been already addressed in browsers such as Google Chrome, however Puffin Web Browser is still affected by the issue.
VulnerabilityThe vulnerability occurred due to mishandling of location.reload function, as it keeps reloading the document, however the issue more likely is present inside of not limiting the pop ups or simply offering no way to ignore further prompts.
Puffin Web Browser should have opened a new window with single alert box.
What actually happened?
Puffin Web Browser recursively opens up new window on pressing the ok button and there is no way to prevent the page from creating additional pop ups just like Chrome, IE etc.
Puffin Web Browser
On pressing the "OK" button, it would reload the copy a current document in a new tab, on pressing "OK" on the second window, it would reload another copy of the current document in a new tab, this would keep growing until the browser finally crashes.
In "Chrome" for android, this effect is limited by offering a checkbox to prevent the current document from creating additional dialogs.
POCThe following is the simple proof of concept:
<title>Puffin Web Browser Pop Up Recursion DOS</title>
window = window.open(location.reload('http://rafayhackingarticles.net'));