Closed
Bug 1295002
(CVE-2017-5422)
Opened 8 years ago
Closed 8 years ago
Recursive keyword fixup for many-nested view-source: URLs crashes
Categories
(Core :: DOM: Navigation, defect)
Tracking
()
RESOLVED
FIXED
mozilla52
People
(Reporter: alex, Assigned: Gijs)
Details
(4 keywords, Whiteboard: [adv-main52+] stack exhaustion)
Crash Data
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0 Build ID: 20160726073904 Steps to reproduce: Lots of view-source: strung together cause the browser to crash. Actual results: The browser crashed. Expected results: Viewing the source of view-source is pointless & should be blocked.
|
||
Comment 1•8 years ago
|
||
Thanks for taking the time to report this! Please provide the crash ID from about:crashes : https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report explains how to do this. When doing so, please also add the keyword "crashreportid" to the "Keywords" field of this report.
Flags: needinfo?(alex)
Crash Signature: bp-68bc2ca0-5bce-44d3-a1c0-839af2160814
Keywords: crashreportid
|
||
Updated•8 years ago
|
Crash Signature: bp-68bc2ca0-5bce-44d3-a1c0-839af2160814 → [@ mozilla::Tokenizer::Parse]
|
||
Comment 3•8 years ago
|
||
I tried reproducing this issue and got crash: bp-8e3b0f7f-1c64-450a-8478-62d842160817 User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
||
Updated•8 years ago
|
Component: Untriaged → Document Navigation
Product: Firefox → Core
|
Assignee | |
Updated•8 years ago
|
Flags: needinfo?(gijskruitbosch+bugs)
Keywords: csectype-dos,
sec-low
Summary: view-source crash exploit → Recursive keyword fixup for many-nested view-source: URLs crashes
|
||
Updated•8 years ago
|
Whiteboard: stack exhaustion
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Flags: needinfo?(gijskruitbosch+bugs)
|
||
Comment 5•8 years ago
|
||
Comment on attachment 8796980 [details] Bug 1295002 - don't accept nested view-source: references in nsDefaultURIFixup, I'm not docshell peer.
Attachment #8796980 -
Flags: review?(bugs)
Attachment #8796980 -
Flags: review?(amarchesini)
Attachment #8796980 -
Flags: feedback+
|
||
Comment 6•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8796980 [details] Bug 1295002 - don't accept nested view-source: references in nsDefaultURIFixup, https://reviewboard.mozilla.org/r/82606/#review81338 I guess we can do this. Stipping view-source in a loop might be a bit nicer, but shouldn't really matter.
Attachment #8796980 -
Flags: review?(bugs) → review+
|
|
||
Comment 7•8 years ago
|
||
| mozreview-review-reply | ||
Comment on attachment 8796980 [details] Bug 1295002 - don't accept nested view-source: references in nsDefaultURIFixup, https://reviewboard.mozilla.org/r/82606/#review81338 Er, stripping
Pushed by gijskruitbosch@gmail.com: https://hg.mozilla.org/integration/autoland/rev/b7ccf1f2df8f don't accept nested view-source: references in nsDefaultURIFixup, r=smaug
|
||
Comment 9•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/b7ccf1f2df8f
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
|
||
Updated•8 years ago
|
status-firefox50:
--- → affected
status-firefox51:
--- → affected
|
||
Updated•7 years ago
|
Whiteboard: stack exhaustion → [adv-main52+] stack exhaustion
|
|
||
Updated•7 years ago
|
Alias: CVE-2017-5422
You need to log in
before you can comment on or make changes to this bug.
Description
•