Closed Bug 403010 Opened 17 years ago Closed 15 years ago

Mozilla Firefox 2.0.0.9 Remote Denial of Service

Categories

(Toolkit :: View Source, defect)

Product:
Toolkit
Component:
View Source
Version:
1.8 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: myiworm, Unassigned)

References

(
URL
)

Details

(Keywords: crash, testcase, Whiteboard: [sg:dos]) 

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

Firefox crashed after visiting http://myiworm.com/public/exploits/firefox2/firefox_2_0_0_9-denial_of_service.html - page, contain iframe with too many 'view-source:' handlers.

Reproducible: Always

Steps to Reproduce:
1. firefox http://myiworm.com/public/exploits/firefox2/firefox_2_0_0_9-denial_of_service.html

Actual Results:  
Crash.
Confirmed using the same build as the reporter. 
Does not happen on Mac OS, so the platform and OS is probably set right.
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Group: security
Group: security
Keywords: testcase
Whiteboard: [sg:dos]
Doesn't crash current trunk on Windows

Talkback ID for crash: TB37875316M (Fx 2.0.0.7)

Incident ID: 37875316
Stack Signature	ntdll.dll + 0xeddc (0x7c90eddc) abf98e47
Product ID	Firefox2
Build ID	2007091417
Trigger Time	2007-11-08 20:58:21.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	ntdll.dll + (0000eddc)
URL visited	
User Comments	Bug 403010
Since Last Crash	69900 sec
Total Uptime	69900 sec
Trigger Reason	Stack overflow
Source File, Line No.	N/A
Stack Trace 	
ntdll.dll + 0xeddc (0x7c90eddc)
msvcrt.dll + 0x1c3c9 (0x77c2c3c9)
msvcrt.dll + 0x1c3e7 (0x77c2c3e7)
msvcrt.dll + 0x1c42e (0x77c2c42e)
nsStringBuffer::Alloc  [mozilla/xpcom/string/src/nsSubstring.cpp, line 205]
nsCSubstring::Assign  [mozilla/xpcom/string/src/nsTSubstring.cpp, line 306]
nsCSubstring::Assign  [mozilla/xpcom/string/src/nsTSubstring.cpp, line 367]
net_ExtractURLScheme  [mozilla/netwerk/base/src/nsURLHelper.cpp, line 463]
nsIOService::ExtractScheme  [mozilla/netwerk/base/src/nsIOService.cpp, line 447]
nsViewSourceHandler::NewURI  [mozilla/netwerk/protocol/viewsource/src/nsViewSourceHandler.cpp, line 89]
nsIOService::NewURI  [mozilla/netwerk/base/src/nsIOService.cpp, line 482]
nsViewSourceHandler::NewURI  [mozilla/netwerk/protocol/viewsource/src/nsViewSourceHandler.cpp, line 89]
nsIOService::NewURI  [mozilla/netwerk/base/src/nsIOService.cpp, line 482]
...
Keywords: crash
Version: unspecified → 2.0 Branch
Current update (2.0.0.10):
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10

firefox http://myiworm.com/public/exploits/firefox2/firefox_2_0_0_9-denial_of_service.html

Actual Results:  
Crash.
Product: Firefox → Toolkit
no crash with FF3.02 on vista
Can you please retest with a current Firefox ?
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.20) Gecko/20081217 4.0 (compatible; MSIE 7.0; Windows NT 6.0)

ff2:
http://myiworm.com/public/exploits/firefox2/firefox_2_0_0_9-denial_of_service_2.html

Actual Results:  
Crash.
ff2 is not current and FF2 is no longer supported 
BTW: why is a simple crash an exploit ? That's really misleading, there are many ways to crash or hang every browser.

The testcase is wfm with Seamonkey 1.9.1 branch and Firefox 3.0.6, marking worksforme
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.