Closed Bug 431206 Opened 17 years ago Closed 17 years ago

Crash [@ js_Invoke] after try to open popup window

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 425499

People

(Reporter: linuxuser, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5 (Slackware Linux) Build Identifier: Mozilla/5.0 (X11; U; Linux i686; pl; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5 (Slackware Linux) I'm using on the webpage (unfortuently, due to NDA I can't say which one) script thickbox.js (http://www.codylindley.com) to open popup-windows. When the page is in server A, and I try to load pop-up window from server B (where authorization via "Authorization required" window is required), browser makes crash, but if i try to load popup from server B into page also in server B, everything works OK. I know, that I should send this bugreport to thickbox's author (I make it too), but Firefox should NOT crash in this case - it should display some error message, or authorization window or whatever, but without crash ;) Additionally, this bug can be used by some nasty people (buffer overflow/underflow ?), so it should be fixed ;) Reproducible: Always Steps to Reproduce: 1. load page from unsecured server 2. try to load popup from other, secured server Actual Results: Server crashes One of the crash reports: http://crash-stats.mozilla.com/report/index/a7d5fb6b-1555-11dd-9387-001cc45a2c28?p=1
I don't understand the steps to reproduce, which popup window are you talking about? I don't see a popup window appearing at http://www.codylindley.com/
You can find example popups here: http://jquery.com/demo/thickbox/ When i talk here about "popups" I mean iframe windows which are loaded by JavaScript code. And if I want open such "popup" with content from secured server (with AJAX), Firefox crashes.
Does the crash also happen with the latest nightly trunk build? http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/
No, trunk doesn't crash. It even doesn't try to connect with the server (I've checked if with sniffer)
Hmm. Now I'm wondering it doesn't connect with the server. Do you get js errors in the error console?
No, I haven't any errors (in 2.0.0.14 also no errors) (I've installed Firebug1.1beta extension, so if they are some minor bugs, it should show it). I think that there is something wrong with some JS file inside firefox or some library (Firefox makes crash with segmentation fault error, so in fact there is some vulnerability inside ff code). The best is what I've discovered right now: I've created completely new accout, and if I run beta5 under this new account, everything works OK, but the AJAX content wasn't loaded into iframe, but into main window. I'm in doubt :/ Can this depend on my configuration, that from 1 profile everything works OK, and from the other one not?
Oh, you have Firebug installed? I guess then this might be the same as bug 425499.
Summary: Crash after try to open popup window → Crash [@ js_Invoke] after try to open popup window
I think it is ;) Thx a lot for a help
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Group: security
You need to log in before you can comment on or make changes to this bug.