Created attachment 8523471 [details] Shortest XML crashing the parser User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Build ID: 20141106120505 Steps to reproduce: Open the enclosed file. Tested with Firefox (32-bit on Windows 8.1 x64) Actual results: Firefox crashes. Expected results: Maybe Firefox should have displayed an error message about a maximum depth...
I don't know whether this bug could be exploited, so I marked it as critical (sorry for the inconvenience if it can't).
The HTML parser caps the depth. Pretty sure we have existing bugs for this for the XML parser, and pretty sure this just leads to a stack overflow recursing down the tree, which is not exploitable...
Created attachment 8523472 [details] Bisection for creating the shortest sample Maybe this could be useful for testing different builds
The first attachment doesn't have enough levels to crash me (I guess I have more memory than you do) but yes, this will eventually crash us.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 485941
Maybe is duplicate but still works and crash Firefox 36.More then 4 years.
You need to log in before you can comment on or make changes to this bug.