Open Bug 1563012 Opened 2 years ago Updated 11 months ago

[W64] Firefox 69.0 beta (32-bit) quits after repeating loading long (HTTP) URL in iframe

Categories

(Core :: DOM: Core & HTML, defect, P3)

68 Branch
defect

Tracking

()

UNCONFIRMED

People

(Reporter: zarco.zwier, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-dos, csectype-oom)

Attachments

(1 file)

Attached file TestMozilla4.html

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Open the PoC under Microsoft Windows [Version 10.0.17763.592] with Firefox 68.0 beta 32-bit

Actual results:

Firefox quits, this can be be used as Denial of Service

Expected results:

Show the yellow bar that the website slows Firefox and not quit.

http://127.0.0.1 is an empty file.

Can you link to a submitted crashreport from about:crashes that corresponds to the crash you're seeing with your testcase?

Flags: needinfo?(zarco.zwier)
Flags: needinfo?(zarco.zwier)

Delay that, not sure that one was done with empty profile.
This one surely is: https://crash-stats.mozilla.org/report/index/aabc4e38-10ad-4fb7-a29d-2c1e20190703

Both of those are OOM crashes (ie we ran out of memory). One of them in the content process (so that would have shown up as a tab crash, not taking down Firefox's "main" process). The other one has no symbols for some reason? Either way, it looks like this is basically memory exhaustion.

Blocks: eviltraps
Group: firefox-core-security
Component: Untriaged → General
Product: Firefox → Core
Priority: -- → P3

It looks like this test case is jamming a large string into the src field of an iframe, so I'll move this to DOM.

Component: General → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.