DoS Vulnerabilities in Firefox 1.0.x

RESOLVED DUPLICATE of bug 320182

Status

()

Firefox
Security
RESOLVED DUPLICATE of bug 320182
12 years ago
11 years ago

People

(Reporter: Waldegger Thomas, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 320182], URL)

(Reporter)

Description

12 years ago
User-Agent:       **** her gently
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

I know that this bug is obsolete after the release of Firefox 1.5 Final but
I thought you should know about it.

The following HTML code forces Firefox 1.0.x to crash:
> <frameset></frameset>
> <samp><del><table><option><caption><map><del><table><address>

A variation of Firefox 1.0.x DoS bug:
> <frameset></frameset>
> <table><p><form><map><dl><table><small>

Affected versions:
> Firefox 1.0.7 - GNU/Linux (Gentoo, Slackware, Debian)
> Firefox 1.0.7 - Solaris
> Firefox 1.0.7 - Windoze 2k / XP SP2
> Firefox 1.0.6 - XP SP2
> Firefox 1.0.4 - GNU/Linux (Gentoo, Slackware, Debian)
> Firefox 1.0.4 - XP SP2
> Firefox 1.0.1 - XP SP2
> Firefox 1.0.0 - XP SP2

Reproducible: Always

Steps to Reproduce:
Visit online demos:
http://morph3us.org/security/pen-testing/firefox/firefox107-1128143204906-nosymbols.00000000.html
http://morph3us.org/security/pen-testing/firefox/firefox107-1128286668234-nosymbols.00000000.html
Actual Results:  
Access Violation
Blake, is this the same as bug 269095 (and thus bug 320182 for the 1.0 branch)?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Yes.
Duping to the tracking bug for getting the bug 269095 fix into the 1.0.x branch

*** This bug has been marked as a duplicate of 320182 ***
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 320182]
Group: security
You need to log in before you can comment on or make changes to this bug.