User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050703 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050703 Firefox/1.0+
Firefox freezes when rendering "javaprxy.dll" COM Object Exploit. I'll attach the testcase in a minute. Setting security flag in case it is exploitable.
Reproducible: Always
Steps to Reproduce:
1. view the attached testcase in Firefox
Actual Results: Firefox freezes and memory usage starts climbing very rapidly.
Expected Results: Cope with the situation in a more subtle way :)
testcase generated by the Perl script for the Microsoft Internet Explorer "javaprxy.dll" COM Object Exploit.
Assignee: general → nobody
Product: Core → Firefox
I doubt this is a security bug. /be
I can confirm that I get some insane memory usage with the testcase, Firefox spiked at somewhere over a gig of memory used, cycling up and down. That said, this really constitutes a DoS which we don't really consider a "security" issue, iirc. FWIW, it's just swapping that'll hose users. With two gigs of memory in this system, it barely slows things down here.
OK, so someone please remove the security-sensitive flag - I can't.
What's using all that memory? We trying to lay out a huge .exe as text/* ? /be
Status: UNCONFIRMED → NEW
Ever confirmed: true
Clearing flag: publicly announced by frsirt
*** Bug 300175 has been marked as a duplicate of this bug. ***
i can confirm that firefox 1.5 rc3 is affected.
PSPFrenzy@gmail.com: i don't know who you are, or why you think we wanted a confirmation or what kind of confirmation you're giving, but your comment added absolutely no value. so far i see nothing wrong here.
the hang here is not related to java. we don't load java for this testcase because we don't know or care about that classid. java only comes into play when an activex control host (mshtml) honors the object tag.
No longer blocks: 353557
Not seeing a hang or *actual* memory difference (the dialog doesn't reflect reality in task manager or similar). As comment #13 noted, the clsid will just be ignored... marking this WFM. Please only reopen if you have new information.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME