Closed Bug 1367922 Opened 7 years ago Closed 7 years ago

Mozilla Firefox 53.0.3 (64 bits) - Stack Overflow Denial of Service Exploit

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Version:
53 Branch
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 485941

People

(Reporter: soufiane.boussali, Unassigned)

Details

Attachments

(2 files)

Mozilla Firefox 53.0.3 (64 bits) - Stack Overflow Denial of Service Exploit.html
807 bytes, text/html
Details
POC
559.01 KB, video/mp4
Details 
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170518000419
Firefox for Android

Steps to reproduce:

A stack overflow DoS vulnerability affecting Firefox versions 53.0.3 (64 bits) by 
This flaw does NOT affect ESR 45 or the latest version of the Tor Browser Bundle.
This flaw can be triggered by simply visiting a website with the PoC code embedded in it and requires no further user interaction nor does it require any special privileges.
Successful exploitation results in the browser tab crashing.


Actual results:

Full denial of service with Closing the browser
OS: Unspecified → Mac OS X
Hardware: Unspecified → x86_64
This is a known issue.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Component: Activity Streams: General → SVG
Product: Firefox → Core
Resolution: --- → DUPLICATE
Attached video POC 
The issue persist always thanks to find in the attachments a Proof Of Concept for this exploitation.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: