
crash closing browser window with a very long title (win2k)

RESOLVED EXPIRED

Status

SeaMonkey
General
--
critical
RESOLVED EXPIRED
13 years ago
12 years ago

People

(Reporter: Michael Knorr, Unassigned)

Tracking

({crash})

Trunk
x86
Windows 2000
crash

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dos?])

Attachments

(2 attachments)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.1) Gecko/20040707
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.1) Gecko/20040707

After opening the first attached test page and closing the browser window,
Mozilla crashes. The interesting thing is that neither Talkback nor Windows
2000 seem to notice the crash. All Mozilla windows are closed and quickstart is
no longer active (the Mozilla quickstart icon disappears after hovering over it
with the mouse).
Opening the second attached file and closing the window with this file opened,
the browser doesn't crash.
The first attached page's title has a length of 278 characters, the second
attached page's title length is 277 characters. These seem to be the magic
numbers. The smallest number of characters I could reproduce the crash with was
278 characters.

Now comes the odd part: After opening the second page and closing it, then
opening the first page again and closing that, nothing crashes. Even completely
exiting Mozilla and quickstart doesn't change the odd behaviour that now
closing the first page also doesn't crash Mozilla anymore. Only after a complete
restart of the PC, closing the first page crashes Mozilla again.
Perhaps it's a bug in Win2k. I could reproduce this behaviour on a second Win2k
machine, so it's not a problem with one installation. Haven't tried it yet on
Linux or WinXP.

Sorry if it is not a security related bug, but I wasn't sure whether this could
be a buffer overflow, so I marked it as security related.


Reproducible: Always
Steps to Reproduce:
1. Open first attached page
2. Close window

Actual Results:  
Mozilla crashes without any messages

Expected Results:  
No crash
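
Added example (not part of the original report or its attachments): a regression-test sketch that builds pages with exact title lengths and bisects for the shortest crashing title, resetting state before every trial because the report says a non-crashing run hides the crash until reboot. `SimulatedTarget`, its masking model and the assumption that every title at or above the threshold crashes are constructed stand-ins; a real harness would replace `open_and_close` and `reboot` with a driver for the browser and a clean machine state.

```python
import html
from typing import Callable


def make_test_page(title_len: int) -> str:
    """Return a minimal HTML page whose <title> is exactly title_len characters."""
    title = "A" * title_len
    return (f"<!DOCTYPE html>\n<html><head><title>{html.escape(title)}</title></head>"
            f"<body><p>Title length: {title_len}</p></body></html>\n")


def title_length(page: str) -> int:
    """Length of the decoded <title> text in a page built by make_test_page."""
    start = page.index("<title>") + len("<title>")
    return len(html.unescape(page[start:page.index("</title>", start)]))


class SimulatedTarget:
    """Constructed stand-in for the browser, modelled on the report: closing a
    window whose title has >= threshold characters crashes, but not once a
    non-crashing page has been closed since the last reboot."""

    def __init__(self, threshold: int = 278) -> None:
        self.threshold = threshold
        self.masked = False

    def reboot(self) -> None:
        self.masked = False

    def open_and_close(self, page: str) -> bool:
        if title_length(page) < self.threshold:
            self.masked = True  # later long titles stop crashing until reboot
            return False
        return not self.masked


def smallest_crashing_length(crashes: Callable[[str], bool],
                             reset: Callable[[], None], lo: int, hi: int) -> int:
    """Bisect for the shortest crashing title, resetting state before each trial."""
    def trial(n: int) -> bool:
        reset()
        return crashes(make_test_page(n))

    if trial(lo) or not trial(hi):
        raise ValueError("need a passing lo and a crashing hi")
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if trial(mid):
            hi = mid
        else:
            lo = mid
    return hi
```

Passing a no-op `reset` makes the search fail its precondition check, because the first passing trial masks the crash for every later one.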
(Reporter)

Comment 1

13 years ago
Created attachment 153396 [details]
278 character title crashes Mozilla
(Reporter)

Comment 2

13 years ago
Created attachment 153397 [details]
277 character title doesn't crash Mozilla

Comment 3

To test, you should have more than one browser window open when you close the
window with the long title to be able to detect the crash, right?

Anyway, I can't reproduce this on WinXP using Mozilla 1.7.1 or Firefox 0.9.2.
(Reporter)

Comment 4

13 years ago
(In reply to comment #3)
> To test, you should have more than one browser window open when you close the
> window with the long title to be able to detect the crash, right?
Yes, you need at least two browser windows open to detect the crash. When you
close the window with the long title, all other browser windows will be gone, too.

> Anyway, I can't reproduce this on WinXP using Mozilla 1.7.1 or Firefox 0.9.2.
I now tried it on a WinXP machine, too. It did not crash on WinXP. Seems to be a
Win2000 only problem.
On WinXP I tried a title with 22K chars with no problem.

If win2k is a problem we should try Win9x/ME as well. Clearing sensitive flag so
this can get more eyes. If it's an issue it would presumably affect IE as well.
We don't normally keep simple crashes secret unless there's evidence of
exploitability.
Group: security
Keywords: crash
Summary: crash if I close a browser window with a very long title → crash closing browser window with a very long title (win2k)
Whiteboard: [sg:dos?]
Product: Browser → Seamonkey

This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

This bug has been automatically resolved after a period of inactivity (see above
comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → EXPIRED