denial-of-service from multiple "Confirm security exception" windows
Bug #1098340 reported by
B Bobo
This bug report is a duplicate of:
Bug #1035296: Dozens of 'add security exception' dialogs.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| thunderbird (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
Bug Description
Thunderbird creates a new "Confirm security exception" window for each ssl certificate authentication error with the mail server. The result is potentially hundreds or thousands of "Confirm security exception" windows can be open at the same time. To close all the windows, you have to click on each window one by one, which can take a very long time. The open windows totally block any other use of thunderbird while they are open. This provides a feasible denial-of-service vector:- no further details will be provided about that. The bug can be fixed regardless. There should be a maximum of one open "Confirm security exception" window, and the window should not be modal.
| information type: | Private Security → Public Security |
| Changed in thunderbird (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Low |
To post a comment you must log in.
