Open Bug 1524711 Opened 5 years ago Updated 2 years ago

Crash Annotation GraphicsCriticalError |[C0][GFX1-]

Categories

(Core :: Graphics, defect, P3)

65 Branch
defect

People

(Reporter: StefanG_QA, Unassigned)

Attachments

(3 files)

Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0 (20181219203225) ASAN build

Tested on Ubuntu 18.10.

  1. Use 64-bit Linux
  2. Download customelements_uaf_poc.html and delay_http_server.py and put both in the same directory.
  3. cd into that directory
  4. Run python delay_http_server.py 8080
  5. In another terminal window, start an ASAN-enabled Firefox build.
  6. In the Firefox build navigate to http://127.0.0.1:8080/customelements_uaf_poc.html
  7. Check the terminal output from Firefox.

Note: You may need to repeat step 6 in order to hit the issue.

AR: Browser crashes

Attached file delay_http_server.py

The PoC comes from bug 1510114, so please coordinate disclosure of the two.

Whiteboard: [coordinate disclosure with bug 1510114]
Group: core-security-release → gfx-core-security
Keywords: sec-other
See Also: → CVE-2018-18500

I tried 20190207094841 asan opt and debug builds, and also built locally, but I was unable to reproduce on Linux 64 / Ubuntu 18.04 after many attempts repeating step 6.

Priority: -- → P3

Bug 1510114 has been unhidden.

Group: gfx-core-security
Keywords: sec-other
Whiteboard: [coordinate disclosure with bug 1510114]
Severity: normal → S3