Open
Bug 1524711
Opened 5 years ago
Updated 2 years ago
Crash Annotation GraphicsCriticalError |[C0][GFX1-]
Categories
(Core :: Graphics, defect, P3)
Tracking
()
NEW
People
(Reporter: StefanG_QA, Unassigned)
References
Details
Attachments
(3 files)
Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0 (20181219203225) ASAN build
Tested on Ubuntu 18.10.
- Use 64-bit Linux
- Download customelements_uaf_poc.html and delay_http_server.py and put both in the same directory.
- cd into that directory
- Run python delay_http_server.py 8080
- In another terminal window, start an ASAN-enabled Firefox build.
- In the Firefox build navigate to http://127.0.0.1:8080/customelements_uaf_poc.html
- Check the terminal output from Firefox.
Note: You may need to repeat step 6 in order to hit the issue.
AR: Browser crashes
Reporter | ||
Comment 1•5 years ago
|
||
Reporter | ||
Comment 2•5 years ago
|
||
Comment 3•5 years ago
|
||
The PoC comes from bug 1510114, so please coordinate disclosure of the two.
Updated•5 years ago
|
Whiteboard: [coordinate disclosure with bug 1510114]
Updated•5 years ago
|
Group: core-security-release → gfx-core-security
Updated•5 years ago
|
Keywords: sec-other
See Also: → CVE-2018-18500
Comment 4•5 years ago
|
||
I tried 20190207094841 asan opt and debug builds, and also built locally, but I was unable to reproduce on Linux 64 / Ubuntu 18.04 after many attempts repeating step 6.
Priority: -- → P3
Comment 5•3 years ago
|
||
Bug 1510114 has been unhidden.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•