Skip to content
This repository was archived by the owner on Dec 11, 2019. It is now read-only.
This repository was archived by the owner on Dec 11, 2019. It is now read-only.

the last open tab should only be saved if the window is closed #5007

Closed
@bridiver

Description

@bridiver

Did you search for similar issues before submitting this one?
Yes

Describe the issue you encountered:
If you have a single window with only one tab and you close the tab itself that tab should not be restored on the next load. It should only be saved if the window is closed while the tab is still open. This is one of two bugs that enables a DoS from https://hackerone.com/reports/176197

Expected behavior:
If the tab is closed it should not be restored when Brave is opened again

  • Platform (Win7, 8, 10? macOS? Linux distro?):
    Win and Linux
  • Brave Version:
    0.12.5
  • Steps to reproduce:
    1. Open this page
<html>
<title>Brave Window Object Remote Denial of Service.</title>
<head></head>

<body><br><br>
<h1><center>Brave Window Object Remote Denial of Service</center></h1><br><br>
<h2><center>Proof of Concept</center></br></br> </h2>

<center>
<b>Click the below link to Trigger the Vulnerability..</b><br><br>
<hr></hr>

<hr></hr>
<b><center><a href="javascript:window.close(self);">Brave Window Object DoS Test POC</a></center>

</center>
</body>

</html>
2. Click the link to close the tab
3. Reopen Brave

If the page is changed to call the script without the click it becomes a DoS on Windows and Linux if it is the only tab in the last window

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions