Status

()

defect
P3
critical
VERIFIED DUPLICATE of bug 29079
20 years ago
16 years ago

People

(Reporter: jeromekwok, Assigned: chofmann)

Tracking

({crash})

Trunk
x86
Windows 95
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

()

Reporter

Description

20 years ago
Type "C:\nul\nul" in the location bar and press enter.  Mozilla will crash on 
WinNT4 SP6, BSOD/Reboot on Win95.  Same as the IE security problem.  12 March 
build.
I think this might have something to do with it:

Due to an inherant fault within the Microsoft Windows 95 and Windows 98
operating system, local and remote users have the capability of crashing the
system by simply requesting any permutation of a path and filename referring to
a reserved DOS device name in the manner of device\device.

The following device names have been known to render a system unstable: CON,
NUL, AUX, PRN, CLOCK$, COMx, LPT1, and CONFIG$.

Exploiting this vulnerability can be done in a number of ways. Local users are
able to crash the operating system by attempting to open a file of
device\device, eg. within Microsoft Word, the Run dialog box, or at a command
prompt. The same results can be achieved by visiting a website and viewing an
HTML file with a local reference to device\device such as <img src="c:\con\con">.

It is possible to remotely crash a Windows 95/98 machine as well. This bug is
exploitable remotely via any service that involves the remote user specifying
paths on the target ie ftp or web services, netbios shares, etc. Examples:
FTP: ftp> ls nul/nul
WWW: http ://target/con/con
\\target\prn\prn
etc.

from http://www.securityfocus.com

seems very likely although they report
vulnerable	Microsoft Windows 98
		Microsoft Windows 95

not vulnerable	Microsoft Windows NT 4.0
		Microsoft Windows NT 2000.0

wonder if there is anything we can do, but im comfirming the bug
Status: UNCONFIRMED → NEW
Ever confirmed: true
setting severity and keywords and adding myself to the cc list
Severity: normal → critical
Keywords: crash

Comment 3

20 years ago
This is a duplicate of bug #29079.

Comment 4

19 years ago

*** This bug has been marked as a duplicate of 29079 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE

Comment 5

19 years ago
verified duplicate
Status: RESOLVED → VERIFIED

Updated

16 years ago
Component: Tracking → XPCOM
You need to log in before you can comment on or make changes to this bug.