Closed Bug 311052 Opened 19 years ago Closed 19 years ago

Window title should be truncated before attempting gtk_window_set_title

Categories: Firefox :: Shell Integration, defect
Platform: x86 Linux
Type: defect
Priority: Not set
Severity: normal
Tracking: RESOLVED DUPLICATE of bug 167315
People: Reporter: iwj, Unassigned
Details: Whiteboard: [sg:dupe 167315]
Attachments: 1 file

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Debian/1.7.8-1
Build Identifier: firefox 1.0.7-0ubuntu18

In a default configuration, visiting a web page with an unreasonably long <title> causes firefox 1.0.7 running under gtk2 to set the unreasonably long string as the window title. This is bad because not all software which deals with window titles is as careful as it ought to be. In particular, all versions of metacity before today (and some other parts of the Gnome infrastructure) crash under these conditions.

It's clear that this is a bug in the Gnome programs which can't cope. However, firefox is on the security boundary: it takes untrusted input from a web page, and reproduces it into a bit of the soft underbelly of your window system. I think it's therefore strongly arguable that firefox ought to take at least some care to try to mitigate the effects of the (unsurprising) bugs in other applications running on the same desktop.

As far as I can tell no-one has investigated whether this problem is exploitable but it would seem likely that it is at least in some configurations.

References:
http://bugzilla.ubuntu.com/show_bug.cgi?id=15995
http://bugzilla.gnome.org/show_bug.cgi?id=315070

Reproducible: Always

I have a patch that helps on Ubuntu. I will submit that as an attachment after filing this bug.

I am marking this as a security bug because I think it is security-relevant, even though (a) firefox is not /in itself/ vulnerable and even though (b) the problem is documented publicly elsewhere. I'm doing that because I would like to see this issue addressed in a future firefox security update. I hope this is the correct thing to do; please let me know if not.
This patch avoids the problem in my tests with gtk2 on Ubuntu. However, I'm not sure if I've fixed it in the right place. It would have been better to do it at the next layer up, so that it would be right on all windowing systems. I'm afraid I couldn't find where to do that. If you agree that this is a problem which firefox should try to address, fixing it for all window systems seems the obvious conclusion.
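One way to do the truncation comment 1 describes, as an added example that is neither the reporter's attachment nor Firefox code: cap the page title at a fixed byte length before it is handed to gtk_window_set_title(), cutting only on a UTF-8 character boundary, since a plain byte cut can leave a partial multi-byte sequence and the GTK call expects valid UTF-8. MAX_TITLE_BYTES is an assumed limit, not a GTK constant.

```c
/* Added example, not the reporter's attachment or Firefox code: cap a <title>
 * at an assumed byte limit before gtk_window_set_title(), on a UTF-8 boundary. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAX_TITLE_BYTES 256   /* assumed limit, not a GTK constant */

/* Copy at most max_bytes of src into dst (dst must hold max_bytes + 1),
 * never ending inside a multi-byte sequence. Returns the bytes written. */
size_t truncate_title_utf8(char *dst, const char *src, size_t max_bytes)
{
    size_t len = strlen(src);
    size_t cut = len < max_bytes ? len : max_bytes;
    /* 10xxxxxx bytes continue an earlier lead byte: back up past them so a
     * lead byte is never left without its tail. */
    while (cut > 0 && cut < len && ((unsigned char)src[cut] & 0xC0) == 0x80)
        cut--;
    memcpy(dst, src, cut);
    dst[cut] = '\0';
    return cut;
}

/* 1 if every byte of s is part of a complete UTF-8 sequence; used to check
 * that truncation never leaves a dangling partial character. */
int utf8_is_complete(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    while (*p) {
        size_t n = *p < 0x80 ? 1 : (*p & 0xE0) == 0xC0 ? 2
                 : (*p & 0xF0) == 0xE0 ? 3 : (*p & 0xF8) == 0xF0 ? 4 : 0;
        if (n == 0) return 0;
        for (size_t i = 1; i < n; i++)
            if ((p[i] & 0xC0) != 0x80) return 0;   /* also catches early '\0' */
        p += n;
    }
    return 1;
}

int main(void)
{
    /* Constructed input: 3000 bytes of the 3-byte character U+20AC, standing
     * in for an unreasonably long <title>. */
    char page_title[3001], title[MAX_TITLE_BYTES + 1];
    for (int i = 0; i < 1000; i++) memcpy(page_title + 3 * i, "\xe2\x82\xac", 3);
    page_title[3000] = '\0';
    size_t n = truncate_title_utf8(title, page_title, MAX_TITLE_BYTES);
    /* Real code would now call gtk_window_set_title(window, title). */
    printf("kept %zu bytes, valid UTF-8: %d\n", n, utf8_is_complete(title));
    return 0;
}
```

With the 256-byte limit the 3-byte characters above are cut back to 255 bytes rather than 256, which is the whole point of the boundary check.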
The Gnome developers have helpfully provided a reference to https://bugzilla.mozilla.org/show_bug.cgi?id=167315 which seems to be a version of this bug. But I still think this should be considered a security issue so it should be considered for a fix in a security update. So for that reason I'm not setting this report to RESOLVED DUPLICATE.
Status: UNCONFIRMED → NEW
Depends on: 167315
Ever confirmed: true
Whiteboard: [sg:dupe 167315] has patch
(In reply to comment #2)
> it should be considered for a fix in a security update. So for that
> reason I'm not setting this report to RESOLVED DUPLICATE.

The preferred way is to nominate the real bug for the security release, especially one with a tested patch. Now done.

*** This bug has been marked as a duplicate of 167315 ***
Group: security
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 167315] has patch → [sg:dupe 167315]
No longer depends on: 167315