Potential DoS: Hang 100% cpu when open a large text file

RESOLVED WORKSFORME

Status

()

Firefox
General
--
major
RESOLVED WORKSFORME
10 years ago
8 years ago

People

(Reporter: Erik Perrohe, Unassigned)

Tracking

2.0 Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

The site is legitimate but it (currently) has a bad mime type.  Therefore the 9meg wmv gets treated as a text file.  

Opening a large text file causes Firefox to hang.  clicking the Stop button has no effect.  I have a reasonably fast (1.5Megbits) dsl connection, waiting for about 7 minutes did not recover from this condition.

AFAICT This problem (with large text files) was first reported in 2005 as part of bug: 242426 but since this issue was only a side note in that bug no action was taken towards it.



Reproducible: Always

Steps to Reproduce:
1. Open this link  http://media.xored.com/eclipsecon2007/dltk-tcl-debug.wmv

Actual Results:  
Result: Browser Hangs, thus I am calling it a potential DoS because the only way I could get out of it was to kill the browser.

With NoScript Enabled, the browser is totally non-responsive.  

With NoScript Disabled the browser responds with glacial speed on a 1.7GHz Pentium M.  But you are still not able to stop the download or achieve any useful response from the browser.


Expected Results:  
At minimum should be able to stop the download with the Stop button


Here are the headers:
Request:

GET /eclipsecon2007/dltk-tcl-debug.wmv HTTP/1.1
HOST: media.xored.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Referer: media.xored.com

=========
Response: 

HTTP/1.1 200 OK
Date: Wed, 09 Apr 2008 17:38:23 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 07 Mar 2007 02:29:50 GMT
ETag: "25c00d-93fafd-f6f9a380"
Accept-Ranges: bytes
Content-Length: 9698045
Connection: close
Content-Type: text/plain; charset=UTF-8


I would expect this website to fix their mime-type bug in the near future.  But you should be able to reproduce this problem with any 9 meg text file.

Comment 1

9 years ago
do you see this problem with newer noscript and firefox 3?
(Reporter)

Comment 2

9 years ago
Short Answer:  No, I can not reproduce this problem anymore.

Long Answer:  
As expected, the original website has fixed the mime-type error, so it is not possible to use that site anymore.  Therefore I set up a test using my server.  However, I note one difference between my server and the original server, my server is sending Transfer-Encoding: chunked    whereas the original sever was sending the file as a single huge block.  I can not easily reconfigure my server at this time to NOT do chunked transfers.   

Initially I created a "lorum ipsum" text file of the same size as the original wmv file.  When everything tested fine I took the additional step of copying  the original wmv file and forcing the bad mine type, in case the problem was related to the actual content of the file.  Both files were downloaded without any problems, the Stop button worked fine and the browser stayed responsive.

I have tested this with the following configs:

XP sp2  Firefox 2.0.17
win2k sp4  Firefox 3.0.4
Ubuntu 8.0.4  Firefox 3.0.4


The original problem was found with XP sp2 Firefox 2.0.15 and I was able to reproduce it in multiple tests.  But with the above configs and keeping in mind that my server is doing chunked transfer which is potentially following a different browser code path.  I am not able to reproduce this problem.

I do not currently have access to Firefox 2.0.15 and so can not test that config to reconfirm the original problem.  If you would like to try it with the test files that I have created they are available here:

www.compsalot.com   

    /testfiles/bugs.swb/mozbug/428077/bigfile.txt

    /testfiles/bugs.swb/mozbug/428077/dltk-tcl-debug.wmv


----------------
There is anther difference that I note which is that the behavior of Firefox has changed.  Despite the fact that I am lying to it and telling it that the mime type is text, it is (apparently) looking at the extension of the file and overriding what the server is telling it.


GET /testfiles/bugs.swb/mozbug/428077/dltk-tcl-debug.wmv  HTTP/1.1
HOST: www.compsalot.com

HTTP/1.1 200 OK
Date: Mon, 15 Dec 2008 22:33:50 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8


Result:  File Save/Open dialog appears and file is correctly identified as a wmv

So, bottom line is I think we can call the problem fixed/not repro in current versions of firefox.
This bug was reported on Firefox 2.x or older, which is no longer supported and will not be receiving any more updates. I strongly suggest that you update to Firefox 3.6.3 or later, update your plugins (flash, adobe, etc.), and retest in a new profile. If you still see the issue with the updated Firefox, please post here. Otherwise, please close as RESOLVED > WORKSFORME
http://www.mozilla.com
http://support.mozilla.com/kb/Managing+profiles
http://support.mozilla.com/kb/Safe+mode
Severity: critical → major
Version: unspecified → 2.0 Branch
No reply, INCOMPLETE. Please retest with Firefox 3.6.3 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE
(Reporter)

Comment 5

8 years ago
retested in firefox 3.0.19  WORKSFORME
Resolution: INCOMPLETE → WORKSFORME
Glad it's gone, but please do update to 3.6.3, as 3.0 is no longer supported.
You need to log in before you can comment on or make changes to this bug.