
browser crash, no error message, heavy embedded content use, javascript generated html

Status: RESOLVED WORKSFORME
Firefox, General, critical

People: (Reporter: Aaron Peterson, Assigned: Blake Ross)

Firefox Tracking Flags: (Not tracked)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040302 Firefox/0.8.0+
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040302 Firefox/0.8.0+

case of the p00fing browser

Reproducible: Always
Steps to Reproduce:
1.load that url
2.or other ones in the parent directory..
3.http://dsl-cda-411.icehouse.net/tutortools/

note, one or two of these actually work in Internet Explorer on windows 98 and
windows XP

Actual Results:  
click on link, and P00f

(note, instead of dsl-cda-411.icehouse.net , I had it as localhost)

Expected Results:  
render the page possibly... but error message saying that it came across a
horrible error is ok too...

anything but die die die.. actually die die die isn't that bad... well die die
die is better than what I think happened...



possible security breach...

Note, 

flashplayer.xpt  javaplugin_oji.so  libjavaplugin_oji.so  libnullplugin.sox 
nppdf.so
java2            libflashplayer.so  libnullplugin.so      mplayerplug-in.so 
npsqueak.so

are the plugins installed on my computer... I suspect that mplayerplug-in could
be part of the problem...

I would guess that most crashes are also security problems... but I have no idea
how to exploit it further than a crash, so I don't think it qualifies

Comment 1

14 years ago
All the URLS you specified WFM

Here are some console messages:

###!!! ASSERTION: do not know the TrueType encoding: '(i != n) || ( 0 !=
platformUnicodeOffset)', file
../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
Break: at file ../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
###!!! ASSERTION: do not know the TrueType encoding: '(i != n) || ( 0 !=
platformUnicodeOffset)', file
../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
Break: at file ../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
###!!! ASSERTION: do not know the TrueType encoding: '(i != n) || ( 0 !=
platformUnicodeOffset)', file
../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
Break: at file ../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
###!!! ASSERTION: do not know the TrueType encoding: '(i != n) || ( 0 !=
platformUnicodeOffset)', file
../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
Break: at file ../../../../src/gfx/src/mac/nsMacUnicodeFontInfo.cpp, line 359
WARNING: ATSUFONDtoFontID failed, file
../../../../src/gfx/src/mac/nsATSUIUtils.cpp, line 290
WARNING: GetTextLayout return nsnull, file
../../../../src/gfx/src/mac/nsATSUIUtils.cpp, line 385
Mar  7 15:38:28 iMac024
/Volumes/Ben/mozilla-realclean/phoenix/dist/Firefox.app/Contents/MacOS/firefox-bin:
*** Warning: ATSUMeasureText has been deprecated.  Use ATSUGetUnjustifiedBounds
instead. *** 


For audio/x-wav found plugin QuickTime Plugin.plugin
/Volumes/Ben/mozilla-realclean/phoenix/dist/Firefox.app/Contents/MacOS/firefox-bin:
can't map file: /Library/Internet Plug-Ins/QuickTime Plugin.plugin ((os/kern)
invalid argument)
[loaded plugin /Library/Internet Plug-Ins/QuickTime Plugin.plugin]


JavaScript error: 
http://dsl-cda-411.icehouse.net/tutortools/ascitutortools3.htm line 85: flub is
not defined

###!!! ASSERTION: Couldn't install Carbon window event handler: 'err == noErr',
file ../../../../src/widget/src/mac/nsMacWindow.cpp, line 587
Break: at file ../../../../src/widget/src/mac/nsMacWindow.cpp, line 587

Ben

Comment 2

14 years ago
No Crash here with: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b)
Gecko/20040329 Firefox/0.8.0+

JavaScript Console gives one error:
Error: uncaught exception: [Exception... "Invalid ClassID or ContractID" 
nsresult: "0x80570017 (NS_ERROR_XPC_BAD_CID)"  location: "JS frame ::
chrome://inspector/content/jsutil/system/file.js :: <TOP_LEVEL> :: line 119" 
data: no]
(Reporter)

Comment 3

14 years ago
Well, it doesn't crash now! 
it did before! 
 
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040329 Firefox/0.8.0+ 
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → WORKSFORME