Closed
Bug 332602
Opened 18 years ago
Closed 8 years ago
crashes found by hamachi fuzzer at metasploit
Categories
(Core Graveyard :: Tracking, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: bernd_mozilla, Assigned: chofmann)
References
(Blocks 1 open bug, )
Details
(Keywords: meta, sec-other, Whiteboard: [sg:nse meta])
Attachments
(1 file)
23.95 KB,
text/html
The folks there released a fuzzer which they claim crashes 1.0.7 and other browsers. I think we need to watch them as they will not file bugs. The current version (0.4) is difficult to run as it is a single JavaScript thread, which will cause the long script protection to kick in.
I modified the testcase v0.4 so that it does use TimeOut and shows something in the console; it's intended for use with debug builds. It seems to hang somehow in the Applet testcase. After it hangs, the browser goes into a semi-zombie state.
> WARNING: requested removal of nonexistent window
> GetPrimaryFrameFor() called while nsFrameManager is being destroyed!
Comment 3•18 years ago
Bernd, other people also noticed this fuzzer; see bug 332606.
Comment 4•18 years ago
The testcase is public and blogged about in various places, what does a private bug buy us vs. the obvious duping? I guess we could talk about specific results in private, but we could do that in any linked bugs. A public bug would give us a spot to hang any publicly found crashes (like the Zalewski bug). We've got an improved script here we may or may not want to share, then again if anyone tries to run the stock script it does fix a rather obvious annoyance. The next obvious step is to augment the tool by adding Mozilla-specific terms to the arrays. So we can
1) dupe 332606 here and make this public
2) use 332606 to link crashes with stock hamachi and any future revisions, and morph this one into a parallel bug for "private improved hamachi"
Whiteboard: [sg:nse meta]
*** Bug 332606 has been marked as a duplicate of this bug. ***
->public
Group: security
CC list accessible: false
Not accessible to reporter
Summary: watch the hamachi fuzzer at metasploit → crashes found by hamachi fuzzer at metasploit
seems they learned the setTimeout trick already: http://metasploit.com/users/hdm/tools/see-ess-ess-die/cssdie.html
Comment 8•18 years ago
But he's using setInterval where he means setTimeout, which tends to cause problems (e.g. bug 261633).
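The setInterval/setTimeout mix-up mentioned in comment 8, shown as an added example that is not code from this bug or from the hamachi script. It assumes a harness that re-arms its timer after every test case (the page does not show the script itself); `makeTimers`, `runHarness` and the case names are hypothetical, and a virtual timer queue stands in for the browser.

```javascript
// Virtual timer queue (constructed for this example): deterministic, no browser.
function makeTimers() {
  let now = 0, nextId = 1;
  const timers = new Map();                      // id -> { due, fn, period }
  const add = (fn, ms, period) => {
    timers.set(nextId, { due: now + ms, fn, period });
    return nextId++;
  };
  return {
    now: () => now,
    active: () => timers.size,
    setTimeout: (fn, ms) => add(fn, ms, null),   // fires once
    setInterval: (fn, ms) => add(fn, ms, ms),    // fires until cleared
    runUntil(limit) {                            // fire due timers in time order
      for (;;) {
        let pick = null;
        for (const [id, t] of timers)
          if (t.due <= limit && (!pick || t.due < pick.t.due)) pick = { id, t };
        if (!pick) return;
        now = pick.t.due;
        if (pick.t.period === null) timers.delete(pick.id);
        else pick.t.due += pick.t.period;
        pick.t.fn();
      }
    },
  };
}

// Hypothetical harness: one case per callback, then ask to be called again.
// `kind` is the scheduling call the harness uses for "call me later".
function runHarness(kind, cases, delayMs, limitMs) {
  const timers = makeTimers();
  const ran = [];
  let wakeups = 0, i = 0;
  function step() {
    wakeups++;
    if (i >= cases.length) return;               // nothing left to run
    ran.push({ name: cases[i++], at: timers.now() });
    timers[kind](step, delayMs);                 // re-arm for the next case
  }
  timers[kind](step, delayMs);
  timers.runUntil(limitMs);
  return { ran, wakeups, leftover: timers.active() };
}
const CASES = ["case-a", "case-b", "case-c"];    // constructed placeholders
for (const kind of ["setTimeout", "setInterval"]) {
  const r = runHarness(kind, CASES, 10, 100);
  console.log(kind, r.ran.map(c => c.at), r.wakeups, r.leftover);
}
```

With the one-shot call the cases stay 10 ms apart and the queue drains after the last one. With the repeating call every re-arm adds another permanent timer, so the spacing between cases collapses and callbacks keep firing after the cases are exhausted.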
Comment 9•8 years ago
Marking all tracking bugs which haven't been updated since 2014 as INCOMPLETE. If this bug is still relevant, please reopen it and move it into a bugzilla component related to the work being tracked. The Core: Tracking component will no longer be used.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Updated•8 years ago
Product: Core → Core Graveyard