Closed Bug 1100059 Opened 10 years ago Closed 10 years ago

Too many nested tags cause Firefox to crash

Categories

(Core :: XML, defect)

Product:
Core
Component:
XML
Version:
33 Branch
Platform:
x86_64
Windows 8.1
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 485941

People

(Reporter: ghuysmans99, Unassigned)

Details

Attachments

(2 files)

Shortest XML crashing the parser
8.54 KB, text/xml
Details
Bisection for creating the shortest sample
251 bytes, application/download
Details
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Build ID: 20141106120505 Steps to reproduce: Open the enclosed file. Tested with Firefox (32-bit on Windows 8.1 x64) Actual results: Firefox crashes. Expected results: Maybe Firefox should have displayed an error message about a maximum depth...
I don't know whether this bug could be exploited, so I marked it as critical (sorry for the inconvenience if it can't).
The HTML parser caps the depth. Pretty sure we have existing bugs for this for the XML parser, and pretty sure this just leads to a stack overflow recursing down the tree, which is not exploitable...
Maybe this could be useful for testing different builds
The first attachment doesn't have enough levels to crash me (I guess I have more memory than you do) but yes, this will eventually crash us.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Maybe is duplicate but still works and crash Firefox 36.More then 4 years.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: