Closed Bug 212064 Opened 22 years ago Closed 22 years ago

<img src=file:///c:/aux> crashes OS

Categories

(SeaMonkey :: General, defect)

1.4 Branch
x86
Windows 98
defect
Not set
critical

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 69070

People

(Reporter: vimages, Unassigned)

Details

Attachments

(1 file)

This bug is based on a current discussion from the full-disclosure list about a new/old crasher in IE. If a page is opened that calls <img src=file:///c:/aux>, Mozilla will first crash, eventually taking the OS (in my test case, Win98SE) with it. Potential SECURITY bug.

Tested with: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624

To reproduce:
1) Jot down this bug number first, so you may return after rebooting. ;)
2) Using Win98SE, or another damaged OS, open the attached file.

Results: Mozilla will freeze. Attempts to close Moz via ctrl-alt-del will fail, with Explorer eventually failing and requiring a forced reboot. No talkback data is generated.

Expected results: Moz catches the call, and keeps evil things from happening.
Attached file DOS AUX html page.
Opening this attachment will crash affected OS's. Be warned.
Note that this could also be triggered by an email if autoloading of images was enabled, as I believe it is by default in 1.4.
It has nothing to do with Mozilla (try "Start -> Run" for example). The best thing we can do is to try to block these URLs (COM, AUX, NUL, ...). See bug 29079 comment 28 for a Windows update.
*** This bug has been marked as a duplicate of 29079 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
I don't agree with marking this bug 212064 duplicate, except in the general sense. This was tested on a Win98SE system with all patches and still fails. Yes, it may be release noted, but a patched system shouldn't fail, right?
OK, retested after *reapplying* MS patch mentioned in bug 29079 comment 28 and Moz still crashes and takes OS with it. This may or may not be a dupe as I don't see in the previous bug where anyone confirmed if the patch worked or not. Reopening. At the least, Moz should block these urls.
** Note that this would likely affect NSCP 7.1 as well.
Bug triggers:
1) Visiting a page with malicious code
2) Email received with malicious code and images autodisplayed
One spam with this code could take down a LOT of machines. I haven't even delved into the security implications yet.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
> Moz should block these urls.
Isn't that *exactly* what the other bug is about?
Well... I suppose. Bug 29079 (and several related bugs) talk around it, but do nothing. However...
1) The MS patch cited doesn't appear to work in this case.
2) There are no release notes (checked 1.4) regarding the issue.
The ease (and possible maliciousness) of triggering this bug is a tad scary.
I'm also of the opinion that a bug that hasn't had any *real activity* (such as Bug 29079) in nearly two years will simply be ignored. That's just me though... -jim (cranky old bastard)
Ack. Long twisting paths. If anything, this *may* be a dupe of bug 69070, which is marked as a dupe to bug 7266. Which I also don't agree with. Regardless, the problem still ain't fixed after years...
dupe of bug 69070
> Regardless, the problem still ain't fixed after years...
Feel free to attach a patch
*** This bug has been marked as a duplicate of 69070 ***
Status: REOPENED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
chuckle. Marking a bug as a duplicate against a bug that's already marked a duplicate. ::sigh::
Product: Browser → Seamonkey
V/dupe. Jim: not sure what you mean here, bug 69070 is fixed. This is probably best marked as a depends, but not clearly different problem, right?
Status: RESOLVED → VERIFIED
QA Contact: general → benc
Summary: Mozilla crashes calling <img src=file:///c:/aux>. Takes OS with it. → <img src=file:///c:/aux> crashes OS
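The blocking of device-name URLs (COM, AUX, NUL, ...) proposed in the comments above, as an added example that is not part of the bug thread and not Mozilla's code. It assumes the usual reserved set CON, PRN, AUX, NUL, COM1-COM9 and LPT1-LPT9; the function names and sample URLs are hypothetical, and the caller is assumed to have already established that the URL uses the file: scheme.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Added example, not Mozilla code. Decode %XX so "%61ux" is checked as "aux".
static std::string percent_decode(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() &&
            std::isxdigit((unsigned char)in[i + 1]) && std::isxdigit((unsigned char)in[i + 2])) {
            out += (char)std::stoi(in.substr(i + 1, 2), nullptr, 16);
            i += 2;
        } else {
            out += in[i];
        }
    }
    return out;
}

// True if one path component names a reserved DOS device.
static bool is_device_component(std::string name) {
    // Conservative: drop everything from the first '.' or ':' and any
    // trailing spaces, so "AUX.png" and "aux:" are both treated as AUX.
    name = name.substr(0, name.find_first_of(".:"));
    while (!name.empty() && name.back() == ' ') name.pop_back();
    for (char& c : name) c = (char)std::toupper((unsigned char)c);
    if (name == "CON" || name == "PRN" || name == "AUX" || name == "NUL") return true;
    bool port = name.compare(0, 3, "COM") == 0 || name.compare(0, 3, "LPT") == 0;
    return name.size() == 4 && port && name[3] >= '1' && name[3] <= '9';
}

// Hypothetical helper: true if a file: URL must be refused before any open.
bool file_url_hits_dos_device(const std::string& url) {
    std::string path = percent_decode(url), part;
    for (size_t i = 0; i <= path.size(); ++i) {
        if (i == path.size() || path[i] == '/' || path[i] == '\\') {
            if (is_device_component(part)) return true;  // check every component
            part.clear();
        } else {
            part += path[i];
        }
    }
    return false;
}

int main() {  // constructed sample URLs
    for (const char* u : {"file:///c:/aux", "file:///c:/%61UX.png", "file:///c:/docs/auxiliary.html"})
        std::cout << u << " -> " << (file_url_hits_dos_device(u) ? "block" : "allow") << "\n";
}
```

The check runs on every path component after percent-decoding, so a device name in a directory position or hidden behind an escape or an extension is refused as well.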