Closed
Bug 1373132
Opened 7 years ago
Closed 7 years ago
Possible Stack Corruption
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: dorkerdevil280, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 UBrowser/6.0.1308.1003 Safari/537.36 Steps to reproduce: 1.open any website where you can comment in firefox 2.now i m using a addon called firefox so install it 3.now right click on the comment box and select fireforce?load dictionary> now load the dictionary file which is the file i m using in my case i,e. c99 shell 4.now just clickok and a new firefox window will open and in 2-5 sec firefox will be crashed i m using firefox v53 windows 8 32bit also using windbg
|
Reporter | |
Comment 1•7 years ago
|
||
(1610.1638): Break instruction exception - code 80000003 (first chance)
eax=70d6d8f8 ebx=00c6b180 ecx=7fa0e000 edx=00000000 esi=002e575c edi=006fb594
eip=63a391e1 esp=006fb4ec ebp=006fb50c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Mozilla Firefox\xul.dll -
xul!workerlz4_decompress+0x1240fa:
63a391e1 cc int 3
0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x63a391e1
First Chance Exception Type: STATUS_BREAKPOINT (0x80000003)
Faulting Instruction:63a391e1 int 3
Basic Block:
63a391e1 int 3
Exception Hash (Major/Minor): 0x37695c2e.0x2c6a747b
Stack Trace:
xul!workerlz4_decompress+0x1240fa
xul+0x2af9af
xul+0x2af7e7
xul+0x2b0ea4
xul+0x147e79
xul+0x147f64
xul+0x146daf
xul+0x146cbf
xul+0x42186c
xul+0x421323
xul!mozilla_dump_image+0x6e8d31
xul!workerlz4_decompress+0x243ac7
xul+0xe9af3
xul+0xe3085
xul+0xf1617
xul+0x56f59c
xul+0xe9a41
xul+0x495dcf
Unknown
xul+0x4bc7c4
xul+0x4bc607
xul!workerlz4_decompress+0xe15d7
xul+0xe98fc
xul+0x1a3b15
xul+0x1a1daa
xul!soundtouch::SoundTouch::operator=+0x12b700
xul+0xe9a41
xul+0x495dcf
Unknown
Unknown
Unknown
Instruction Address: 0x0000000063a391e1
Description: Possible Stack Corruption
Short Description: PossibleStackCorruption
Exploitability Classification: UNKNOWN
Recommended Bug Title: Possible Stack Corruption starting at xul!workerlz4_decompress+0x00000000001240fa (Hash=0x37695c2e.0x2c6a747b)
The stack trace contains one or more locations for which no symbol or module could be found. This may be a sign of stack corruption.Flags: needinfo?(dorkerdevil280)
|
|
Reporter | |
Comment 2•7 years ago
|
||
Flags: needinfo?(dorkerdevil280)
|
|
Reporter | |
Comment 3•7 years ago
|
||
(In reply to dorkerdevil280 from comment #0) > Created attachment 8877869 [details] > c99.txt > > User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/50.0.2661.102 UBrowser/6.0.1308.1003 Safari/537.36 > > Steps to reproduce: > > 1.open any website where you can comment in firefox > 2.now i m using a addon called firefox so install it > 3.now right click on the comment box and select fireforce?load dictionary> > now load the dictionary file which is the file i m using in my case i,e. c99 > shell > 4.now just clickok and a new firefox window will open and in 2-5 sec firefox > will be crashed > > i m using firefox v53 > windows 8 32bit > also using windbg fireforce addon not firefox
|
||
Comment 4•7 years ago
|
||
Please report the issue to the extension developer.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•