Closed Bug 159866 Opened 22 years ago Closed 22 years ago

Horrific Crash on malicious redirect to malformed URL (c:\nul\nul)

Categories

(Core Graveyard :: File Handling, defect)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: horkana, Assigned: Matti)

References

(
URL
)

Details

(Keywords: crash) 

http://www.netsoc.tcd.ie/~horkana/dev/web/crashcrashcrash/redirect_file-nul.html

windows 98 and all the 9x series suck rocks through a straw!
the malicious webpage i have crafted crashes windows to crash in several
varieties of IE (including 6) and several varities of Netscape products
(including 4.x) and Mozilla nightly builds (it is the redirect which i added
that makes this particularly malicous, i cannot remember the page i found the
exploit will try and add it later).  

like so
<meta http-equiv="refresh" content="0; URL=file://c:/nul/nul" >

perfectly reproducable but a royal pain in the ass to do so as i dont have
VMWare or such like and it takes down my entire machine.  Thank god for Linux,
another huge reason for me to use Gnome exclusively and ditch this skankey OS
completely.   </rant>

As a short term solution and useful feature, is there any way to
disable/disallow/warn on http redirects?
*** Bug 159867 has been marked as a duplicate of this bug. ***
*shrugs* Weird weird, my win98 won't crash. :-b  (buld 2002072808)

Also, I strongly beleive it's INVALID, because it's Microsoft's fault, and they
even have a patch for it. Here's the link:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-017.asp

Browser should NOT be responsible for Microsoft bugs and/or users who neglect
patching their computers.

Dixi.



fair enough, probably is invalid

I thought i was up to date and would have gotten the necessary patches with IE6
as microsoft often bundle important security fixes
keeping up to date with windows patches is not easy (certainly not as easy as
"apt-get"ting security updates) especially when some supposedly security updates
have quite wide ranging effects or disable functionality without clearly warning
you or try to get you to agree to unpleasant new license changes. 

i want to be a user not a sysadmin!

Anyway, i would still like to be warned if i am being redirected
ill go looking for existing bugs about redirect tomorrow and open a new one if
necessary

thanks 
> i want to be a user not a sysadmin!

Understood, but you've got a wrong address to complain about that to. The one
you need definitely ends with @microsoft.com ;)))

> Anyway, i would still like to be warned if i am being redirected
> ill go looking for existing bugs about redirect tomorrow and open
> a new one if necessary

Sounds great. Please keep in mind that Mozilla is a cross-platform product, and
implementing protection measures for one [buggy] platform may be pretty unwise
as it will cause unnecessary overhead for other platforms.

==> INVALID
Reasons: 1) Not a Mozilla bug (w95/98 bug as per Microsoft bulletin)
         2) Original reporter agreed with resolution (as per comment 3).

(Higher authorities might disagree and reopen the bug)
Status: NEW → RESOLVED
Closed: 22 years ago
Component: Browser-General → File Handling
Keywords: crash
Resolution: --- → INVALID
Whiteboard: verifyme
Summary: Horrific Crash on malicious redirect to malformed URL → Horrific Crash on malicious redirect to malformed URL (c:\nul\nul)
> i want to be a user not a sysadmin!

that goes for linux too, but things like apt-get/up2date/urpmi and the X setup
tools (http://www.ximian.com/devzone/projects/xst-devel.html if only any/more
distributions would use the same tools) are the Linux Standards Base (LSB) are
good steps in the right direction.  But this is completely offtopic :)

I am okay with this being marked as invalid.   

I am still worried about malicous redirects or having my browser hijacked so
more status information would definately be welcome.  

If i cannot find an existing relevant bug i may yet post a bug report requesting
some sort of give extra warning on http meta-refresh redirects or perhaps some
way to force all redirects to wait at least N (N=5,10,...) seconds.  

This would help make it more obvious to users when their back button seems not
to work because of 0 second meta-refresh redirects, and forcing up the minimum
allowed time before allowing a meta-refresh would give users enough time to
actually use the back button.
Status: RESOLVED → VERIFIED
Whiteboard: verifyme
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.