This repository was archived by the owner on Dec 11, 2019. It is now read-only.
This repository was archived by the owner on Dec 11, 2019. It is now read-only.
the last open tab should only be saved if the window is closed #5007
Closed
Description
Did you search for similar issues before submitting this one?
Yes
Describe the issue you encountered:
If you have a single window with only one tab and you close the tab itself that tab should not be restored on the next load. It should only be saved if the window is closed while the tab is still open. This is one of two bugs that enables a DoS from https://hackerone.com/reports/176197
Expected behavior:
If the tab is closed it should not be restored when Brave is opened again
- Platform (Win7, 8, 10? macOS? Linux distro?):
Win and Linux - Brave Version:
0.12.5 - Steps to reproduce:
- Open this page
<html>
<title>Brave Window Object Remote Denial of Service.</title>
<head></head>
<body><br><br>
<h1><center>Brave Window Object Remote Denial of Service</center></h1><br><br>
<h2><center>Proof of Concept</center></br></br> </h2>
<center>
<b>Click the below link to Trigger the Vulnerability..</b><br><br>
<hr></hr>
<hr></hr>
<b><center><a href="javascript:window.close(self);">Brave Window Object DoS Test POC</a></center>
</center>
</body>
</html>
2. Click the link to close the tab
3. Reopen Brave
If the page is changed to call the script without the click it becomes a DoS on Windows and Linux if it is the only tab in the last window