Closed Bug 278778 Opened 20 years ago Closed 20 years ago

Loading and closing chrome://browser/content/ in a new window or tab crashes Firefox.

Categories

(Firefox :: General, defect)

x86
Windows 2000
defect
Not set
critical

VERIFIED DUPLICATE of bug 264032

People

(Reporter: administrator, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

I think I may have inadvertently found a bug that could be used for a "DoS exploit"
that might even be able to become a buffer overflow in that:

If you load chrome://browser/content in a new window or tab (should be easy to
do in JavaScript, for example) and then close that window or tab (also should
be easy to do), Firefox crashes completely at a consistent memory address. So
far, I have reproduced this behavior in Firefox 1.0 on both Windows 2000 and XP.

Reproducible: Always

Steps to Reproduce:
1. Open Firefox.
2. Visit a website.
3. Open a new tab or a second window.
4. Enter "chrome://browser/content" in the address bar; it will load
"chrome://browser/content/browser.xul" in that tab or window.
5. Close that tab or window; Firefox will crash at a consistent memory address.

Actual Results:  
Firefox always crashes at a consistent memory address.

Expected Results:  
Either:

1. Block such requests from the user.
2. Ignore such requests when not required.
3. Close only one instance of itself and not crash.

Confirmed on Windows 2000 (SP0 and SP4) and Windows XP, all running Firefox 1.0.

*** This bug has been marked as a duplicate of 264032 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED