Closed Bug 1347573 Opened 8 years ago Closed 8 years ago

denial of service via malformed favicon.ico

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: eranshmu, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Steps to reproduce: created a simple python web server: from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler x = ''' <html> <head></head> <body>erladi</body> </html> ''' class Handler(BaseHTTPRequestHandler): def do_GET(self): global x '''if self.path == '/favicon.ico': self.send_response(404) self.end_headers() return''' self.send_response(200) self.end_headers() self.wfile.write(x) server = HTTPServer(('', 80), Handler) server.serve_forever() and browsed to the / location Actual results: the browser hangs - non responsive NOTICE: I commented out the part that returns a 404 whenever a favicon is requested. if you uncomment this section, the bug will not trigger. if this section is commented then the bug triggers consistently. Expected results: the browser should not freeze on a malformed favicon such as this
Btw, this was happens only on windows
Group: firefox-core-security
I can't reproduce the problem in Fx52 and Fx53b4 on Win10.
(In reply to YF (Yang) from comment #2) > I can't reproduce the problem in Fx52 and Fx53b4 on Win10. I cannot reproduce this issue either in Win7 x64 with 52.0.1. I wonder if it is there something I'm doing wrong?
Flags: needinfo?(eranshmu)
Based on comment 3 - resolving as incomplete for the time being.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.