Invalid iframe src protocol (mailto:) causes freezing

RESOLVED WORKSFORME

Status

Core
Layout: HTML Frames
P2
critical
16 years ago
13 years ago

People

(Reporter: Aldis Viesturs, Assigned: John Keiser (jkeiser))

Tracking

({hang, testcase})

Trunk
Future
x86
Windows XP
Points:
---
Bug Flags:
blocking1.4.2 -

Firefox Tracking Flags

(Not tracked)

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

16 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
BuildID:    2002053012

Can be used to launch a DoS on a user visiting the URL; probably the same HTML
can be inserted into an HTML mail.



Reproducible: Always
Steps to Reproduce:
1. Visit http://alv.times.lv/crashnosriptrequired.html

Actual Results:  New compose mail window opens. Mozilla freezes.

Expected Results:  nothing

Mozilla should stop evaluating <iframe>s after a certain depth is reached.
Mozilla should ignore iframe tags with src other than
src='http:', src='file:', src= without protocol specified.

Comment 1

16 years ago
Confirm the action specified. Running moz 2002071308, on Windows 2000. Moz froze.
I get many different assertions in a debug build.

confirming with win2k build 20020720..
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: hang

Comment 3

16 years ago
confirmed 2002072204/win2000

Comment 4

16 years ago
confirm with 200271808 WinXP.  Get popup message that states:

Alert:

Composer cannot edit HTML framesets, or pages with inline frames.  For
framesets, try editing the page for each frame separately.  For pages with
iframes, save a copy of the page and remove the <iframe> tag.

->HTML Frames.
What protocols should we handle in frames? http://, ftp://, and data: are the
first 3 that come to my mind.
Assignee: attinasi → jkeiser
Component: Layout → HTMLFrames
QA Contact: petersen → amar

Updated

16 years ago
Priority: -- → P2
Bulk moving P1-P5 un-milestoned bugs to future. 
Target Milestone: --- → Future

Comment 7

15 years ago
Confirmed in 12/16 Trunk build, Win XP
Keywords: testcase

Comment 8

15 years ago
Created attachment 131775 [details]
eMule Exploit with IFRAME SRC

It is possible to start downloads in emule with that "exploit" without any
notice of the user.

You visit a page and the page starts some downloads in the background.

The image src bug is bug 181860
Please don't morph bug reports

Comment 10

15 years ago
image src?? I posted an iframe src attachment!

-->
<iframe  width="0" height="0"  frameborder="0"
src="ed2k://|file|eMule.crack.exe|55308|8140A314E4DF166941BD2042BDE6B3CC|/"
></iframe>

sorry, my mistake...

Updated

15 years ago
Flags: blocking1.4.2?

Comment 12

14 years ago
Too late to block 1.4.2. We need to get this one on someone's radar though...
Flags: blocking1.4.2? → blocking1.4.2-

Updated

14 years ago
Flags: blocking1.8a4?

Comment 13

14 years ago
We should nail this down ASAP. Who can help?
Flags: blocking1.8a4? → blocking1.8a4+

FWIW I can't reproduce the mailto: iframe causing freezing.

The rest of the bug devolved into a clone of bug 167475, disable external
protocols from non-top-level documents.

unmarking as a 1.8a4 blocker (per drivers)
Flags: blocking1.8a4+

Created attachment 195250 [details]
Testcase (<iframe src="mailto:user@example.com">)
Attachment #131775 - Attachment is obsolete: true

WFM (i.e. no hang), SeaMonkey 2005-08-31-02 trunk Linux. The other issues
mentioned in comments are covered by bug 167475 AFAICT.

-> WORKSFORME
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → WORKSFORME
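
The reporter's proposal (ignore frame src schemes outside a short list, stop at a certain nesting depth) and the bug 167475 rule of keeping external protocols out of non-top-level documents, written out as an added example. It is not Mozilla's code; `checkFrameSrc`, `auditFrames`, the `https:` entry, the depth cap of 10 and the sample frame tree are assumptions.

```javascript
// Added illustration, not Mozilla code. Policy values are assumptions.
// Schemes named in the thread (http, file, ftp, data) plus https.
const FRAME_SCHEMES = new Set(['http:', 'https:', 'ftp:', 'file:', 'data:']);
const MAX_FRAME_DEPTH = 10; // assumed; the report only asks for "a certain depth"

// Decide whether a subframe may load `src`.
//   parentUrl: URL of the embedding document (resolves a src with no protocol)
//   depth:     nesting level of the new frame (1 = child of the top-level page)
function checkFrameSrc(src, parentUrl, depth) {
  if (depth > MAX_FRAME_DEPTH) {
    return { allow: false, scheme: null, reason: 'too-deep' };
  }
  let url;
  try {
    // The WHATWG URL parser trims surrounding whitespace, drops tabs and
    // newlines, and lowercases the scheme, so " MailTo:" and "mai\tlto:"
    // are judged as mailto: rather than slipping past a string compare.
    url = new URL(src, parentUrl);
  } catch (err) {
    return { allow: false, scheme: null, reason: 'unparseable' };
  }
  if (!FRAME_SCHEMES.has(url.protocol)) {
    // mailto:, ed2k: and similar are handed to external applications;
    // a frame should never trigger that hand-off.
    return { allow: false, scheme: url.protocol, reason: 'external-scheme' };
  }
  return { allow: true, scheme: url.protocol, reason: 'ok' };
}

// Walk a frame tree and collect every src the policy refuses.
function auditFrames(frame, parentUrl, depth = 1, out = []) {
  const verdict = checkFrameSrc(frame.src, parentUrl, depth);
  if (!verdict.allow) {
    out.push({ src: frame.src, depth, reason: verdict.reason });
    return out; // a refused frame is never loaded, so it has no children
  }
  const self = new URL(frame.src, parentUrl).href;
  for (const child of frame.children || []) auditFrames(child, self, depth + 1, out);
  return out;
}

// Constructed sample: an allowed frame whose own frames use external schemes.
const SAMPLE = { src: 'inner.html', children: [
  { src: ' MailTo:user@example.com' },
  { src: 'ed2k://placeholder.invalid/' },
  { src: 'ftp://example.test/pub/' },
] };
```

`auditFrames(SAMPLE, 'http://example.test/index.html')` returns the two refused frames with their depth and reason; the ftp: frame passes.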