Did you search for similar issues before submitting this one?
Yes
Describe the issue you encountered:
If you have a single window with only one tab and you close the tab itself that tab should not be restored on the next load. It should only be saved if the window is closed while the tab is still open. This is one of two bugs that enables a DoS from https://hackerone.com/reports/176197
Expected behavior:
If the tab is closed it should not be restored when Brave is opened again
Platform (Win7, 8, 10? macOS? Linux distro?):
Win and Linux
Brave Version:
0.12.5
Steps to reproduce:
Open this page
<html>
<title>Brave Window Object Remote Denial of Service.</title>
<head></head>
<body><br><br>
<h1><center>Brave Window Object Remote Denial of Service</center></h1><br><br>
<h2><center>Proof of Concept</center></br></br> </h2>
<center>
<b>Click the below link to Trigger the Vulnerability..</b><br><br>
<hr></hr>
<hr></hr>
<b><center><a href="javascript:window.close(self);">Brave Window Object DoS Test POC</a></center>
</center>
</body>
</html>
2. Click the link to close the tab
3. Reopen Brave
If the page is changed to call the script without the click it becomes a DoS on Windows and Linux if it is the only tab in the last window
The text was updated successfully, but these errors were encountered:
I know this is an old issue, but is it possible to reopen it, possibly as a feature request? I switch back-and-forth between macOS and Windows a lot, and prefer the macOS behavior. On Windows I've been keeping about:blank open in Brave and closing that tab last as a "workaround."
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Did you search for similar issues before submitting this one?
Yes
Describe the issue you encountered:
If you have a single window with only one tab and you close the tab itself that tab should not be restored on the next load. It should only be saved if the window is closed while the tab is still open. This is one of two bugs that enables a DoS from https://hackerone.com/reports/176197
Expected behavior:
If the tab is closed it should not be restored when Brave is opened again
Win and Linux
0.12.5
If the page is changed to call the script without the click it becomes a DoS on Windows and Linux if it is the only tab in the last window
The text was updated successfully, but these errors were encountered: