1227357 - Firefox crash using window fatigue

Status: UNCONFIRMED

(Core :: DOM: Core & HTML, defect)

Description

[Abdulrahman Alqabandi]

Attachment: ff-hang.html

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151029151421

Steps to reproduce:

Based on an existing report of a hang: https://bugzilla.mozilla.org/show_bug.cgi?id=1226990

Except this time FF42 crashes instead of hanging.

Run 'ff-hang.html' and press button


Actual results:

After a few minutes of freeze, firefox crashes


Expected results:

No crash

Comment 1

[Abdulrahman Alqabandi]

Attachment: firefox-debug_0408_2015-11-23_18-30-47-632 - Copy.log

Stacktrace of crash. Note: crash reporter does not open.

Comment 2

[Abdulrahman Alqabandi]

Seems like when I tested this again, the crash reporter did open up, odd.

https://crash-stats.mozilla.com/report/index/bp-3397992e-c463-42ef-bf32-3caf32151124

Comment 3

[Abdulrahman Alqabandi]

Attachment: An improved PoC that will crash firefox within seconds instead of minutes

Comment 5

[Abdulrahman Alqabandi]

I assume this is unexploitable?

Comment 6

[Andrew McCreight [:mccr8]]

It looks like a safe out of memory crash.

Comment 7

[Abdulrahman Alqabandi]

Attachment: ff-unknown-win.png

(In reply to Andrew McCreight [:mccr8] from comment #6)
> It looks like a safe out of memory crash.

Ah I see. I have a third case (using the same click bug) which results in what seems like a completely empty firefox window (view attached screenshot) could that be indicative of exploitability. Note I cant reproduce it when I have windbg running.

Comment 8

[Andrew McCreight [:mccr8]]

An empty window may just be another sign of running out of memory, or some kind of hang.