Closed
Bug 1295002
(CVE-2017-5422)
Opened 8 years ago
Closed 8 years ago
Recursive keyword fixup for many-nested view-source: URLs crashes
Categories
(Core :: DOM: Navigation, defect)
RESOLVED
FIXED
mozilla52
People
(Reporter: alex, Assigned: Gijs)
Details
(4 keywords, Whiteboard: [adv-main52+] stack exhaustion)
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Build ID: 20160726073904
Steps to reproduce:
Lots of view-source: strung together cause the browser to crash.
Actual results:
The browser crashed.
Expected results:
Viewing the source of view-source is pointless & should be blocked.
Comment 1•8 years ago
Thanks for taking the time to report this!
Please provide the crash ID from about:crashes : https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report explains how to do this. When doing so, please also add the keyword "crashreportid" to the "Keywords" field of this report.
Flags: needinfo?(alex)
Crash Signature: bp-68bc2ca0-5bce-44d3-a1c0-839af2160814
Keywords: crashreportid
Updated•8 years ago
Crash Signature: bp-68bc2ca0-5bce-44d3-a1c0-839af2160814 → [@ mozilla::Tokenizer::Parse]
Comment 3•8 years ago
I tried reproducing this issue and got crash: bp-8e3b0f7f-1c64-450a-8478-62d842160817
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•8 years ago
Component: Untriaged → Document Navigation
Product: Firefox → Core
Updated•8 years ago
Flags: needinfo?(gijskruitbosch+bugs)
Keywords: csectype-dos, sec-low
Summary: view-source crash exploit → Recursive keyword fixup for many-nested view-source: URLs crashes
Updated•8 years ago
Whiteboard: stack exhaustion
Comment hidden (mozreview-request)
Updated•8 years ago
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Flags: needinfo?(gijskruitbosch+bugs)
Comment 5•8 years ago
Comment on attachment 8796980 [details]
Bug 1295002 - don't accept nested view-source: references in nsDefaultURIFixup,
I'm not a docshell peer.
Attachment #8796980 - Flags: review?(bugs)
Attachment #8796980 - Flags: review?(amarchesini)
Attachment #8796980 - Flags: feedback+
Comment 6•8 years ago
mozreview-review
Comment on attachment 8796980 [details]
Bug 1295002 - don't accept nested view-source: references in nsDefaultURIFixup,
https://reviewboard.mozilla.org/r/82606/#review81338
I guess we can do this. Stipping view-source in a loop might be a bit nicer, but shouldn't really matter.
Attachment #8796980 - Flags: review?(bugs) → review+
Comment 7•8 years ago
mozreview-review-reply
Comment on attachment 8796980 [details]
Bug 1295002 - don't accept nested view-source: references in nsDefaultURIFixup,
https://reviewboard.mozilla.org/r/82606/#review81338
Er, stripping
Pushed by gijskruitbosch@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/b7ccf1f2df8f
don't accept nested view-source: references in nsDefaultURIFixup, r=smaug
Comment 9•8 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Updated•8 years ago
status-firefox50: --- → affected
status-firefox51: --- → affected
Updated•8 years ago
Whiteboard: stack exhaustion → [adv-main52+] stack exhaustion
Updated•8 years ago
Alias: CVE-2017-5422
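The two approaches discussed in comments 5 to 7 (refusing a nested view-source: prefix, versus stripping the prefixes in a loop), as an added C++ sketch that is not the patch attached to this bug nor any Gecko code. All function names are hypothetical, the ASCII case-insensitive prefix match is an assumption, and the deep input is constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper names; this is not nsDefaultURIFixup code.
static const std::string kPrefix = "view-source:";

// True if `s` carries the prefix at offset `pos` (ASCII case-insensitive, an assumption).
bool HasPrefixAt(const std::string& s, std::size_t pos) {
  if (pos > s.size() || s.size() - pos < kPrefix.size()) return false;
  for (std::size_t i = 0; i < kPrefix.size(); ++i) {
    char c = s[pos + i];
    if (c >= 'A' && c <= 'Z') c = static_cast<char>(c - 'A' + 'a');
    if (c != kPrefix[i]) return false;
  }
  return true;
}

// Approach A: accept a single prefix, refuse a nested one instead of recursing.
// Returns false (and leaves *inner untouched) when the input is refused.
bool InnerUriRejectNested(const std::string& uri, std::string* inner) {
  std::size_t pos = HasPrefixAt(uri, 0) ? kPrefix.size() : 0;
  if (pos != 0 && HasPrefixAt(uri, pos)) return false;
  *inner = uri.substr(pos);
  return true;
}

// Approach B: strip every leading prefix in a loop. Stack depth stays constant
// no matter how many prefixes the input carries. Returns the number stripped.
std::size_t StripAll(const std::string& uri, std::string* inner) {
  std::size_t pos = 0, count = 0;
  while (HasPrefixAt(uri, pos)) { pos += kPrefix.size(); ++count; }
  *inner = uri.substr(pos);
  return count;
}

// Constructed test input: `depth` prefixes in front of `target`.
std::string Nested(std::size_t depth, const std::string& target) {
  std::string s;
  for (std::size_t i = 0; i < depth; ++i) s += kPrefix;
  return s + target;
}

int main() {
  std::string inner;
  const std::string deep = Nested(200000, "https://example.org/");
  std::cout << "reject-nested accepted: " << InnerUriRejectNested(deep, &inner) << "\n";
  std::cout << "loop stripped " << StripAll(deep, &inner) << " -> " << inner << "\n";
}
```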