From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530 BuildID: 2002053012 Can be used to launch a dos on user visiting url, probably same html can be inserted into an html mail. Reproducible: Always Steps to Reproduce: 1.Visit http://alv.times.lv/crashnosriptrequired.html 2. 3. Actual Results: New compose mail window opens. Mozilla freezes. Expected Results: nothing Mozilla shold stop evaluating <iframes after certain depth is reached. Mozilla shold ignore iframe tags with src other than src='http:',src='file:',src= without protocol specified.
Confirm the action specified. Running moz 2002071308, on Windows 2000. Moz froze.
I get many different assertions in a debug build. confirming with win2k build 20020720..
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
confirm with 200271808 WinXP. Get popup message that states: Alert: Composer cannot edit HTML framesets, or pages with inline frames. For framesets, try editing the page for each frame separately. For pages with iframces, save a copy of the page and remove the <iframe> tag.
->HTML Frames. What protocols should we handle in frames? http://, ftp://, and data: are the first 3 that come to my mind.
Assignee: attinasi → jkeiser
Component: Layout → HTMLFrames
QA Contact: petersen → amar
Bulk moving P1-P5 un-milestoned bugs to future.
Target Milestone: --- → Future
Confirmed in 12/16 Trunk build, Win XP
Created attachment 131775 [details] eMule Exploit with IFRAME SRC It is possible to start downloads in emule with that "exploit" without any notice of the user. You visit a page and the page starts some downloads in the background.
The image src bug is bug 181860 Please don't morph bug reports
image src?? I posted an iframe src attachment! --> <iframe width="0" height="0" frameborder="0" src="ed2k://|file|eMule.crack.exe|55308|8140A314E4DF166941BD2042BDE6B3CC|/" ></iframe>
sorry, my mistake...
Too late to block 1.4.2. We need to get this one someone's radar though...
Flags: blocking1.4.2? → blocking1.4.2-
We should nail this down ASAP. Who can help?
Flags: blocking1.8a4? → blocking1.8a4+
FWIW I can't reproduce the mailto: iframe causing freezing. The rest of the bug devolved into a clone of bug 167475, disable external protocols from non-top-level documents.
unmarking as a 1.8a4 blocker (per drivers)
Created attachment 195250 [details] Testcase (<iframe src="mailto:firstname.lastname@example.org">)
Attachment #131775 - Attachment is obsolete: true
WFM (i.e. no hang), SeaMonkey 2005-08-31-02 trunk Linux. The other issues mentioned in comments are covered by bug 167475 AFAICT. -> WORKSFORME
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.