Closed Bug 288732 Opened 20 years ago Closed 20 years ago

Malformed URL cause FireFox to have strange behavior and crash

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: verificator, Assigned: dveditz)

References

Details

(Keywords: crash, Whiteboard: [sg:needinfo])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050318 Firefox/1.0.2 Hi ! I discovered this *security* bug while browsing a commercial website. When you type | caracters in your URL, this cause FireFox to open for each one a new tab ( if FF configured to open new links in tabs ). This rapidly cause FF to take all CPU time, and crash, turning XP in a instable state... Well, very strange, and very easy to use for anyone :-/ Try this kind of link: http://www.rueducommerce.fr/Mobilite-Telephonie/Ordinateurs-portables/Tous-nos-portables/HP/4376-Portable-Compaq-NX9105-Sempron-2800.htm?pl=4376|4679|4274|4281|4325|4374|4650|4640|4335|4412|4224|4143|4545|4685|4671|4531|4305|4629|4320|4270|4585|4218|4248|4595|4556|4183|4187|4666|4160|4681|4159|4554|4549|4164|4306|4702|4558|4643|4703|4116|4647|4642|4277|4588|4271|4504|3958|4524|4323|4555|4251|4566|4542|4530|4197|4239|4586|4648|4557|4673|4547|4559|4649|4684|4503|4693|4674|4695|4644|4200|4543|4407|4485|4641|4539|4540|4541 and enjoy the power of tabs ! Regards Julien Reproducible: Always Steps to Reproduce: 1. type a malformed URL like : http://www.rueducommerce.fr/Mobilite-Telephonie/Ordinateurs-portables/Tous-nos-portables/HP/4376-Portable-Compaq-NX9105-Sempron-2800.htm?pl=4376|4679|4274|4281|4325|4374|4650|4640|4335|4412|4224|4143|4545|4685|4671|4531|4305|4629|4320|4270|4585|4218|4248|4595|4556|4183|4187|4666|4160|4681|4159|4554|4549|4164|4306|4702|4558|4643|4703|4116|4647|4642|4277|4588|4271|4504|3958|4524|4323|4555|4251|4566|4542|4530|4197|4239|4586|4648|4557|4673|4547|4559|4649|4684|4503|4693|4674|4695|4644|4200|4543|4407|4485|4641|4539|4540|4541 or http://www.google.com?pl=4376|4679|4274|4281|4325|4374|4650|4640|4335|4412|4224|4143|4545|4685|4671|4531|4305|4629|4320|4270|4585|4218|4248|4595|4556|4183|4187|4666|4160|4681|4159|4554|4549|4164|4306|4702|4558|4643|4703|4116|4647|4642|4277|4588|4271|4504|3958|4524|4323|4555|4251|4566|4542|4530|4197|4239|4586|4648|4557|4673|4547|4559|4649|4684|4503|4693|4674|4695|4644|4200|4543|4407|4485|4641|4539|4540|4541 Actual Results: It cause FF to open a tab for each '|' found in the URL, and crash rapidly. XP crash sometimes too. Expected Results: FF should have done nothing special with this URL, except opening the page normaly
Blocks: sbb?
Whiteboard: [sg:needinfo]
I cannot reproduce this, and '|' is not a special character Firefox would parse in a URL. Do you have any extensions installed which might be doing this? Does it still happen if you run in "safe mode"? Denial of Service bugs do not qualify for the Security Bug Bounty. http://www.mozilla.org/security/bug-bounty-faq.html#dos-bugs
Blocks: sbb-
No longer blocks: sbb?
Group: security
Keywords: crash
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050406 Firefox/1.0+ WFM in latest-trunk, resolving this WFM.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.