Closed
Bug 1373132
Opened 7 years ago
Closed 7 years ago
Possible Stack Corruption
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: dorkerdevil280, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 UBrowser/6.0.1308.1003 Safari/537.36 Steps to reproduce: 1.open any website where you can comment in firefox 2.now i m using a addon called firefox so install it 3.now right click on the comment box and select fireforce?load dictionary> now load the dictionary file which is the file i m using in my case i,e. c99 shell 4.now just clickok and a new firefox window will open and in 2-5 sec firefox will be crashed i m using firefox v53 windows 8 32bit also using windbg
Reporter | ||
Comment 1•7 years ago
|
||
(1610.1638): Break instruction exception - code 80000003 (first chance) eax=70d6d8f8 ebx=00c6b180 ecx=7fa0e000 edx=00000000 esi=002e575c edi=006fb594 eip=63a391e1 esp=006fb4ec ebp=006fb50c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Mozilla Firefox\xul.dll - xul!workerlz4_decompress+0x1240fa: 63a391e1 cc int 3 0:000> !exploitable -v HostMachine\HostUser Executing Processor Architecture is x86 Debuggee is in User Mode Debuggee is a live user mode debugging session on the local machine Event Type: Exception Exception Faulting Address: 0x63a391e1 First Chance Exception Type: STATUS_BREAKPOINT (0x80000003) Faulting Instruction:63a391e1 int 3 Basic Block: 63a391e1 int 3 Exception Hash (Major/Minor): 0x37695c2e.0x2c6a747b Stack Trace: xul!workerlz4_decompress+0x1240fa xul+0x2af9af xul+0x2af7e7 xul+0x2b0ea4 xul+0x147e79 xul+0x147f64 xul+0x146daf xul+0x146cbf xul+0x42186c xul+0x421323 xul!mozilla_dump_image+0x6e8d31 xul!workerlz4_decompress+0x243ac7 xul+0xe9af3 xul+0xe3085 xul+0xf1617 xul+0x56f59c xul+0xe9a41 xul+0x495dcf Unknown xul+0x4bc7c4 xul+0x4bc607 xul!workerlz4_decompress+0xe15d7 xul+0xe98fc xul+0x1a3b15 xul+0x1a1daa xul!soundtouch::SoundTouch::operator=+0x12b700 xul+0xe9a41 xul+0x495dcf Unknown Unknown Unknown Instruction Address: 0x0000000063a391e1 Description: Possible Stack Corruption Short Description: PossibleStackCorruption Exploitability Classification: UNKNOWN Recommended Bug Title: Possible Stack Corruption starting at xul!workerlz4_decompress+0x00000000001240fa (Hash=0x37695c2e.0x2c6a747b) The stack trace contains one or more locations for which no symbol or module could be found. This may be a sign of stack corruption.
Flags: needinfo?(dorkerdevil280)
Reporter | ||
Comment 2•7 years ago
|
||
Flags: needinfo?(dorkerdevil280)
Reporter | ||
Comment 3•7 years ago
|
||
(In reply to dorkerdevil280 from comment #0) > Created attachment 8877869 [details] > c99.txt > > User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/50.0.2661.102 UBrowser/6.0.1308.1003 Safari/537.36 > > Steps to reproduce: > > 1.open any website where you can comment in firefox > 2.now i m using a addon called firefox so install it > 3.now right click on the comment box and select fireforce?load dictionary> > now load the dictionary file which is the file i m using in my case i,e. c99 > shell > 4.now just clickok and a new firefox window will open and in 2-5 sec firefox > will be crashed > > i m using firefox v53 > windows 8 32bit > also using windbg fireforce addon not firefox
Comment 4•7 years ago
|
||
Please report the issue to the extension developer.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•