Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.

Printer Abuse Bug #4848

Closed
Brandon-T opened this issue Jan 12, 2022 · 2 comments · Fixed by #4849
Closed

Printer Abuse Bug #4848

Brandon-T opened this issue Jan 12, 2022 · 2 comments · Fixed by #4849
Assignees
@Brandon-T
Labels
bug Epic: Security QA Pass - iPad QA Pass - iPhone QA/Yes release-notes/include security
Milestone
1.35

Comments

@Brandon-T
Copy link
Collaborator

Brandon-T commented Jan 12, 2022
edited
Loading

Description:

  1. A malicious website can abuse the print function of the browser via window.print

Steps to Reproduce

  1. In Security Ticket.
@Brandon-T Brandon-T added this to the 1.35 milestone Jan 12, 2022
@Brandon-T Brandon-T self-assigned this Jan 12, 2022
@Brandon-T Brandon-T mentioned this issue Jan 12, 2022
Merged
7 tasks
iccub pushed a commit that referenced this issue Jan 14, 2022
@Brandon-T
Fix #4848: Printer abuse (#4849)
d4fa787 
Fixes an issue where a malicious website can do abuse printing functions and will DOS the user as well as sometimes crash the browser if fast enough due to Out of Memory.
@Uni-verse
Copy link
Contributor

Uni-verse commented Jan 31, 2022
edited by kjozwiak
Loading

Verified on iPhone 12 Pro running iOS 15.1.1 using 1.35 (22.1.30.17)

  • Verified suppress message will prevent the print window modal from repeatedly showing.

Note : Suppress message shows up twice

RPReplay_Final1643663747.MP4

Verification PASSED on iPhone 12 running iOS 15.2.1 using 1.35 (22.1.30.17)

  • ensured that printing works as expected once the initial print modal appears via https://brandon-t.github.io/WindowPrint.html
  • ensured that tapping on Suppress Alerts stops the printer modal from re-appearing
  • ensured that Suppress Alerts only applies to that tab instance (opening the website in a new tab will spam the printer modal)
  • ensured that you can still print when a user suppresses the modal via Suppress Alerts
  • ensured that tapping on Cancel on the Suppress Alerts modal works as expected

Verification PASSED on iPhone 11 running iOS 14.7,1 using 1.35 (22.1.30.17)

  • ensured that printing works as expected once the initial print modal appears via https://brandon-t.github.io/WindowPrint.html
  • ensured that tapping on Suppress Alerts stops the printer modal from re-appearing
  • ensured that Suppress Alerts only applies to that tab instance (opening the website in a new tab will spam the printer modal)
  • ensured that you can still print when a user suppresses the modal via Suppress Alerts
  • ensured that tapping on Cancel on the Suppress Alerts modal works as expected

Verification PASSED on iPad Air (3rd Gen) running iOS 15.2 using 1.35 (22.1.30.17)

  • ensured that printing works as expected once the initial print modal appears via https://brandon-t.github.io/WindowPrint.html
  • ensured that tapping on Suppress Alerts stops the printer modal from re-appearing
  • ensured that Suppress Alerts only applies to that tab instance (opening the website in a new tab will spam the printer modal)
  • ensured that you can still print when a user suppresses the modal via Suppress Alerts
  • ensured that tapping on Cancel on the Suppress Alerts modal works as expected

@Uni-verse Uni-verse mentioned this issue Jan 31, 2022
Open
@kjozwiak
Copy link
Member

QA found #4922 while running through the above 👍 Thanks for getting the issue filed @Uni-verse.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Brandon-T Brandon-T

Labels
bug Epic: Security QA Pass - iPad QA Pass - iPhone QA/Yes release-notes/include security
Projects
None yet
Milestone
1.35
Development

Successfully merging a pull request may close this issue.

Fix #4848: Printer abuse brave/brave-ios
4 participants
@Brandon-T @kjozwiak @iccub @Uni-verse