Closed
Bug 307084
Opened 19 years ago
Closed 18 years ago
Loading mail message kills X
Categories
(SeaMonkey :: MailNews: Message Display, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: brunelle, Unassigned)
Details
(Keywords: crash, Whiteboard: [sg:needinfo])
Attachments
(1 file)
34.96 KB, text/plain
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:7.1.3) Gecko/20030726 Netscape7/7.1
Build Identifier: mozilla-i686-pc-linux-gnu-1.7.11-installer.tar.gz

Messages on a Mac technical forum have been posted containing a binary string as text within the message as part of the forum's communications (that is, this is not malicious code). Merely clicking on the message subject in the mailbox summary (which, of course, loads it) crashes not merely the application, but X as well. Really potent!

If I manage to select the message within a group of several, I can drag the group to another mailbox. There is, of course, no way to identify an affected message before attempting to read (load) it. And most messages, of course, don't have the problem.

I suppose the means by which this occurs could be copied and misused as anti-Mozilla/anti-Linux malware. MAYBE that makes it a security issue, dunno.

I wish to send you a small mailbox file including several examples, but don't see any place on this form to attach. You may email me with handling instructions to get this to you.

Reproducible: Always

Steps to Reproduce:
1. Load an affected message
2.
3.

Actual Results: X crashed.

Expected Results: Not crash.
Comment 1•19 years ago
You can add files using the "Create a New Attachment" link. It's not available during the initial bug creation, but you can add the testcases now. If they're large, please zip/tar.gz them.

What build are you reporting this against? The "Build Identifier" says you're using a Linux 1.7.11 suite build, the User-Agent says an old Windows Netscape 7.1 (though the "rv:" portion appears bogus, so probably spoofed).

What version of X and Linux are you running?
Keywords: crash
Whiteboard: [sg:needinfo]
Comment 2 (Reporter)•19 years ago
This mailbox file should have several examples of messages containing the problem binary string. (Also had to include some non-problem messages in the drag-and-drop, as the first message you point at loads.) I can view the "icky" string OK in Xemacs, but by no means with Mozilla. Therefore, I construe that Mozilla is in some way trying to execute the string or cause it to be executed. After X crashes, the console reports some number of attempts to do something with fd0, which is fairly insane. I could see real potential for use of such behavior in a DoS attack.

I'm running Fedora Core 2, Mozilla 1.7.11 (downloaded within the last week and replacing 1.7.7), and had at the time a user-agent override string for the purpose of trying to view some "IE-enhanced" websites.

Please let me know if there remains something helpful for me to do. Thanks!
Updated•19 years ago
Attachment #195070 - Attachment mime type: application/octet-stream → text/plain
Comment 3•19 years ago
From email he's got

X Protocol Version 11, Revision 0, Release 6.7
Build Operating System: Linux 2.4.21-25.ELsmp i686 [ELF]
Current Operating System: Linux gideon.home.net 2.6.10-1.9_FC2 #1 Thu Jan 13 17:54:57 EST 2005 i686

I suspect this is in the common rendering code. David or Asa, could you try this in Thunderbird on X, preferably a system similar to the one described (Fedora Core 2) if we have it? Just copy the attachment to your mail Local Files and it'll appear as a new folder.
Comment 4•19 years ago
I cannot reproduce with the latest 1.5 beta 1 build on FC4.
Updated•18 years ago
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME