Closed Bug 1699994 Opened 4 years ago Closed 4 years ago

OOM crash with string doubling

Categories

(Firefox :: Untriaged, defect)

Firefox 86
defect

RESOLVED INVALID

People

(Reporter: saumyaagrawal34, Unassigned)

Attachments

(2 files)

Attached file crash-0day.html

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36

Steps to reproduce:

VULNERABILITY DETAILS
Buffer Overflow
VERSION
86.0
Operating System: Windows 10

REPRODUCTION CASE
1. Open the crash-0day.html file in your Firefox browser
2. Wait for a few minutes and your tab will crash

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: tab

Crash State: poc is in attachment

Reporter credit: Saumya Agrawal

Actual results:

The tab has crashed.

Expected results:

It should show that file as HTML, but the Firefox tab has crashed.

Attached image Screenshot (274).png

POC

This is that string doubling crash that is a decade or so old that people like to keep reporting.

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID

I haven't run this myself, but I'm going to assume it is a safe OOM crash.

Summary: Buffer Overflow → OOM crash with string doubling