window.close() Comodo Browser remote denial of service

uhh hi

The Comodo Browser is vulnerable to a window-object-based denial-of-service
attack. The Brave browser fails to sanitize a check when the window.close()
function is called in a number of dynamically generated events… The
function is called in a suppressed manner and kills the parent window
directly by default, which makes it vulnerable to a denial-of-service attack.

window.close() should be sanitized; I don’t know why it’s not being implemented here.
Most of the browsers I tested (Edge/Firefox) sanitize the call and don’t allow it / display a popup when a window.close() call is made.

The following URL with the HTML file can be sent to a victim:

/*

Lottery.

Comodo Browser

Proof of Concept

Click the below link to Trigger the Vulnerability..

THIS WAS A TEST */

There must be a parent window confirmation check prior to close of window.

Tested : Latest Comodo Browser
Windows 10 x64

This should apply to all platforms tho :P0l
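
Added example, not part of the original post and not Comodo's code: a small JavaScript model of the HTML Standard's "script-closable" rule, which is the kind of check the post asks for before a script's window.close() is honoured. `SimWindow`, its fields and the three scenarios are hypothetical and constructed for illustration.

```javascript
// Model of the HTML Standard's "script-closable" rule for window.close().
// SimWindow is a constructed stand-in for a browser tab, not a real browser API.
class SimWindow {
  constructor({ openedByScript = false, historyLength = 1 } = {}) {
    this.openedByScript = openedByScript; // created by a page via window.open()
    this.historyLength = historyLength;   // entries in the tab's session history
    this.closed = false;
    this.log = [];
  }

  // A window is script-closable if a script created it, or if its session
  // history holds a single entry (nothing for the user to go back to).
  isScriptClosable() {
    return this.openedByScript || this.historyLength === 1;
  }

  // close() as invoked by page script: refuse and log instead of closing
  // a tab the user opened and has been navigating in.
  close() {
    if (!this.isScriptClosable()) {
      this.log.push("blocked: script tried to close a window it did not open");
      return false;
    }
    this.closed = true;
    return true;
  }
}

// Constructed scenarios: returns whether each window ended up closed.
function runScenarios() {
  const cases = {
    userTabWithHistory: new SimWindow({ historyLength: 4 }),
    scriptPopup: new SimWindow({ openedByScript: true, historyLength: 3 }),
    freshTab: new SimWindow({ historyLength: 1 }),
  };
  const result = {};
  for (const [name, win] of Object.entries(cases)) {
    win.close();
    result[name] = win.closed;
  }
  return result;
}

console.log(runScenarios());
```

Under this rule a tab with only one history entry is still closable by script, so the check protects tabs the user has been navigating in rather than every tab.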

Any updates?

That’s probably what’s going on with my CID. I see very infrequent updates with CID and I would not be surprised if CID is being attacked with a DOS.

Hi, Souhardya! Thank you for the feedback.

I did some tests, as you can see here https://drive.google.com/file/d/1SibLvbTLOsAISTB85Tpfvm894nrl97b1/view
We will look into this further.

Thank you very much,

The Comodo Browsers team

uh hi,
Here is my PoC video; you can look at it here 🙂

https://drive.google.com/file/d/13rMsvfqRtA3hagG4nsOefZ-9RgN2eORC/view?usp=sharing

Also, I forgot to add: I tested this vulnerability on Comodo Dragon, the Chromium-based one.

Comodo Dragon 67.0.3396.99 (Official Build) (32-bit)