The default bug view has changed. See this FAQ.

DoS Vulnerabilities in Firefox 1.0.x

RESOLVED DUPLICATE of bug 320182

Status

()

Firefox
Security
RESOLVED DUPLICATE of bug 320182
11 years ago
11 years ago

People

(Reporter: Waldegger Thomas, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 320182], URL)

(Reporter)

Description

11 years ago
User-Agent:       **** her gently
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

I know that this bug is obsolete after the release of Firefox 1.5 Final but
I thought you should know about it.

The following HTML code forces Firefox 1.0.x to crash:
> <frameset></frameset>
> <samp><del><table><option><caption><map><del><table><address>

A variation of Firefox 1.0.x DoS bug:
> <frameset></frameset>
> <table><p><form><map><dl><table><small>

Affected versions:
> Firefox 1.0.7 - GNU/Linux (Gentoo, Slackware, Debian)
> Firefox 1.0.7 - Solaris
> Firefox 1.0.7 - Windoze 2k / XP SP2
> Firefox 1.0.6 - XP SP2
> Firefox 1.0.4 - GNU/Linux (Gentoo, Slackware, Debian)
> Firefox 1.0.4 - XP SP2
> Firefox 1.0.1 - XP SP2
> Firefox 1.0.0 - XP SP2

Reproducible: Always

Steps to Reproduce:
Visit online demos:
http://morph3us.org/security/pen-testing/firefox/firefox107-1128143204906-nosymbols.00000000.html
http://morph3us.org/security/pen-testing/firefox/firefox107-1128286668234-nosymbols.00000000.html
Actual Results:  
Access Violation
Blake, is this the same as bug 269095 (and thus bug 320182 for the 1.0 branch)?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Yes.
Duping to the tracking bug for getting the bug 269095 fix into the 1.0.x branch

*** This bug has been marked as a duplicate of 320182 ***
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 320182]
Group: security
You need to log in before you can comment on or make changes to this bug.