Closed Bug 785710 Opened 12 years ago Closed 12 years ago

rendering SVG cause EXCEPTION_ACCESS_VIOLATION_READ with addon NoScript

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla19

Tracking Flags:

Tracking

Status

firefox17

---

fixed

firefox18

---

fixed

firefox-esr10

---

unaffected

firefox-esr17

---

fixed

People

(Reporter: julien.decharne, Unassigned)

References

(
URL
)

Details

(Keywords: crash, csectype-framepoisoning, Whiteboard: [adv-main17-][adv-esr17-])

Crash Data

Julien DÉCHARNE

Reporter

Description

•

12 years ago

STEP TO REPRODUCE :

    Disable / Uninstall NoScript or start with fresh profile
    load http://www.w3c.org/Graphics/SVG/
    Enable or Install NoScript
    Restart for completing installation
    load http://www.w3c.org/Graphics/SVG/ (no segfault : page load from cache)
    Clean FF cache
    Restart
    load http://www.w3c.org/Graphics/SVG/ (FF will segfault)

other URLs that do trigger bug : none for the moment

URLs that don't trigger bug :

    http://www.w3c.org/
    http://www.w3c.org/Graphics/
    http://www.w3c.org/Graphics/WebCGM
    http://www.w3c.org/Graphics/PNG/
    (many others, of course)

Confirmed on Windows Seven, see crash report :
https://crash-stats.mozilla.com/report/index/bp-ec363a2e-b834-4b85-bbc3-fd0452120826

Scoobidiver (away)

Comment 1

•

12 years ago

It might be a dupe of bug 762494.

URL: http://forums.informaction.com/viewto... → http://www.w3c.org/Graphics/SVG/

Severity: normal → critical

Status: UNCONFIRMED → NEW

Crash Signature: [@ nsLineBox::IndexOf(nsIFrame*)]

Ever confirmed: true

Keywords: crash

OS: Linux → Windows 7

Hardware: x86_64 → x86

Target Milestone: mozilla14 → ---

Version: 14 Branch → 16 Branch

Kyle Huey (Exited; not receiving bugmail, old account, do not use)

Comment 2

•

12 years ago

Hiding because bug 762494 and bug 789719 are core-security.

Group: core-security

Kyle Huey (Exited; not receiving bugmail, old account, do not use)

Updated

•

12 years ago

Depends on: 789719

Robert Longson [:longsonr]

Comment 3

•

12 years ago

Can someone retest this please? The fix in bug 807213 has now landed for 19, 18 and 17 and may well have fixed this.

Daniel Veditz [:dveditz]

Updated

•

12 years ago

Keywords: csec-framepoisoning

Robert Longson [:longsonr]

Comment 4

•

12 years ago

Based on the stack trace in the crash report in comment 0 bug 786740 will have fixed this. This is basically a duplicate of bug 792857.

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Scoobidiver (away)

Updated

•

12 years ago

status-firefox17: --- → fixed

status-firefox18: --- → fixed

Target Milestone: --- → mozilla19

Daniel Veditz [:dveditz]

Updated

•

12 years ago

status-firefox-esr10: --- → unaffected

status-firefox-esr17: --- → fixed

Al Billings [:abillings - ex-MoCo]

Updated

•

11 years ago

Whiteboard: [adv-main17-][adv-esr17-]

Daniel Veditz [:dveditz]

Updated

•

11 years ago

Group: core-security

Flags: sec-bounty-

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

rendering SVG cause EXCEPTION_ACCESS_VIOLATION_READ with addon NoScript

Categories

(Core :: SVG, defect)

Tracking

()

People

(Reporter: julien.decharne, Unassigned)

References

(
URL
)

Details

(Keywords: crash, csectype-framepoisoning, Whiteboard: [adv-main17-][adv-esr17-])

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated

Comment 3

Updated

Comment 4

Updated

Updated

Updated

Updated