Fuzzer that makes random XBL bindings

NEW
defect
13 years ago
3 years ago

People

(Reporter: jruderman, Assigned: jruderman)

Tracking

(Depends on 7 bugs, Blocks 1 bug, {meta, sec-other})

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:nse meta])

Attachments

(2 obsolete attachments)

This fuzzer makes random XBL bindings by copying DOM subtrees into the <xbl:content> part of new bindings.  Sometimes it adds an <xbl:children/> somewhere in its copy of the subtree.

It assumes you have a copy of http://www.software.hixie.ch/utilities/cgi/test-tools/delayed-file.pl at http://localhost/cgi-bin/delayed-file.pl.  (I couldn't figure out how to get XBL working in a data: or javascript: URL due to the need for #bindingid at the end of the URL.  Another alternative was creating a file for each binding and encouraging the use of a RAM disk.)

So far it has only found one bug, bug 348049.  That bug is a security hole.
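
The generation step described in the report above, as an added sketch that is not the attached fuzzer-bindings.js and not part of the original report. It assumes a plain-object tree in place of the browser DOM; the names `makeBinding`, `makeRng` and the `{tag, attrs, kids}` node shape are hypothetical.

```javascript
// Added sketch; not the attached fuzzer-bindings.js. Nodes are plain objects
// {tag, attrs, kids} or strings (text), so no browser DOM is needed.
const XBL_NS = "http://www.mozilla.org/xbl";
const XHTML_NS = "http://www.w3.org/1999/xhtml";

// Seeded LCG so a generated test case can be regenerated from its seed.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0) / 4294967296;
}
function escapeXml(s) {
  return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}
function cloneTree(n) {
  if (typeof n === "string") return n;
  return { tag: n.tag, attrs: { ...n.attrs }, kids: n.kids.map(cloneTree) };
}
// Collect every element (not text node) in document order.
function elements(n, out = []) {
  if (typeof n !== "string") { out.push(n); n.kids.forEach(k => elements(k, out)); }
  return out;
}
function serialize(n) {
  if (typeof n === "string") return escapeXml(n);
  const attrs = Object.entries(n.attrs).map(([k, v]) => ` ${k}="${escapeXml(v)}"`).join("");
  return n.kids.length ? `<${n.tag}${attrs}>${n.kids.map(serialize).join("")}</${n.tag}>`
                       : `<${n.tag}${attrs}/>`;
}

// Copy `subtree` into the <xbl:content> of a new binding; with probability
// `pChildren`, put an <xbl:children/> at a random position in the copy.
function makeBinding(subtree, id, rng, pChildren = 0.5) {
  const copy = cloneTree(subtree);          // never mutate the source tree
  const insertedChildren = rng() < pChildren;
  if (insertedChildren) {
    const els = elements(copy);
    const parent = els[Math.floor(rng() * els.length)];
    const pos = Math.floor(rng() * (parent.kids.length + 1));
    parent.kids.splice(pos, 0, { tag: "xbl:children", attrs: {}, kids: [] });
  }
  const xml = `<xbl:bindings xmlns:xbl="${XBL_NS}" xmlns="${XHTML_NS}">` +
    `<xbl:binding id="${escapeXml(id)}"><xbl:content>${serialize(copy)}` +
    `</xbl:content></xbl:binding></xbl:bindings>`;
  return { xml, insertedChildren, fragment: "#" + id };  // fragment selects the binding in the URL
}

// Constructed sample subtree.
const sample = { tag: "div", attrs: { class: "a" }, kids: [{ tag: "span", attrs: {}, kids: ["x<y"] }] };
console.log(makeBinding(sample, "b0", makeRng(1)).xml);
```

Logging the seed next to each generated binding lets a test case that triggers a crash be regenerated exactly for the bug report.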
Posted file fuzzer-bindings.js (obsolete) —
Whiteboard: [sg:nse meta]
Posted file fuzzer-bindings.js 3.0 (obsolete) —
Attachment #233423 - Attachment is obsolete: true
Depends on: 360078
Shouldn't have security bugs assigned to nobody. Jesse can own his test bugs.
Assignee: nobody → jruderman
Depends on: 366112
Depends on: 366207
> It assumes you have a copy of
> http://www.software.hixie.ch/utilities/cgi/test-tools/delayed-file.pl at
> http://localhost/cgi-bin/delayed-file.pl.  (I couldn't figure out how to get
> XBL working in a data: or javascript: URL due to the need for #bindingid at the
> end of the URL.  Another alternative was creating a file for each binding and
> encouraging the use of a RAM disk.)

See bug 243917, "Not possible to use data url scheme to embed xbl file into html", which is marked as invalid :(
Depends on: 367251
Depends on: 369051
Comment on attachment 242979 [details]
fuzzer-bindings.js 3.0

New version in bug 339948.
Attachment #242979 - Attachment is obsolete: true
Depends on: 373586
Depends on: 377592
Depends on: 377820
Depends on: 379105
Depends on: 379920
Depends on: 382376
Depends on: 383709
Depends on: 384740
Depends on: 385885
Depends on: 386566
Depends on: 386947
Depends on: 391904
Depends on: 395469
Depends on: 397574
Depends on: 397849
Depends on: 398466
Depends on: 398492
Depends on: 399946
Depends on: 401993
Depends on: 403360
Depends on: 403574
Depends on: 404125
Depends on: 404869
Depends on: 405184
Depends on: 405186
Depends on: 406900
Depends on: 406904
Depends on: 409573
Depends on: 412104
Depends on: 414058
Depends on: 415017
Depends on: 415192
Depends on: 415301
Depends on: 417109
Depends on: 418498
Depends on: 420233
Depends on: 420429
Depends on: 420785
Depends on: 420790
Depends on: 420835
Depends on: 425821
Depends on: 429085
Depends on: 429458
Depends on: 429623
Depends on: 429780
Depends on: 432068
Depends on: 433429
Depends on: 444030
Depends on: 451323
Depends on: 454736
Depends on: 454746
Depends on: 460876
Depends on: 463511
Depends on: 464149
Depends on: 464863
Depends on: 465466
Depends on: 468210
Depends on: 468546
Depends on: 471594
Depends on: 472260
Depends on: 472957
Depends on: 474181
Depends on: 476245
Depends on: 477740
Depends on: 479160
Depends on: 483120
Depends on: 489925
Depends on: 490760
Depends on: 493123
Depends on: 495354
Depends on: 497519
Depends on: 498036
Depends on: 499885
Depends on: 503991
Depends on: 508927
Depends on: 509547
Depends on: 513741
Depends on: 514104
Depends on: 514300
Depends on: 526381
Depends on: 532808
Depends on: 537059
Depends on: 537141
Depends on: 538070
Depends on: 541294
Depends on: 554202
Depends on: 559705
Depends on: 560435
Depends on: 560441
Depends on: 561981
Depends on: 564461
Depends on: 567292
Depends on: 569012
Depends on: 569674
Depends on: 580140
Depends on: 588226
Blocks: 1172704
No longer blocks: fuzz
Remote XBL, along with remote XUL, was disabled in bug 546857. As a result, this module of DOMFuzz no longer exists.
Group: core-security
Component: Tracking → Platform Fuzzing Team