Closed Bug 439800 (CVE-2008-2786) Opened 16 years ago Closed 16 years ago

Crash when try to follow a link with a bad formated URL

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
3.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 402735

People

(Reporter: hexapode, Unassigned)

Details

(Whiteboard: [sg:needinfo])

Attachments

(1 file)

testcase, attached to the bug
262 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9) Gecko/2008052906 Firefox/3.0

When try to follow a link like :

<a href="/http%3A%2F%2Fwww.proof-of-concept.fr%2Fpoc%2Fpersonnel%2FGuillaume.Hexapode%2Fnode310.html">
  test
</a>

Firefox crash.

I've no time to look over it, but seems a overflow.

Reproducible: Always

Steps to Reproduce:
1.create a html page with a link like :

<a href="/http%3A%2F%2Fwww.proof-of-concept.fr%2Fpoc%2Fpersonnel%2FGuillaume.Hexapode%2Fnode310.html">
  test
</a>

2. visit this page.

3. clic on the link
Actual Results:  
crash

Expected Results:  
not crash ?

I use Firefox 3 Realease
No toolbarn, no pluggins.
Version: unspecified → 3.0 Branch
<a href="http://www.proof-of-concept.fr/poc/personnel/Guillaume.Hexapode/node310.html">http://www.proof-of-concept.fr/poc/personnel/Guillaume.Hexapode/node310.html</a>
?
I get a &quot;La page est introuvable&quot;

----

You forget the slash in fornt of your URL.



Which slash?
With http://www.proof-of-concept.fr/poc/personnel/Guillaume.Hexapode/node310.html/ , I still get a "page not found" error.

URL must be :

/http%3A%2F%2Fwww.proof-of-concept.fr%2Fpoc%2Fpersonnel%2FGuillaume.Hexapode%2Fnode310.html

with / in front

This web page doesn't exist. It's just to show the problem
Ah,ok, thanks. So your original code example is correct.
This is worksforme.
Pierre, does the crash also happens in safe mode?
http://support.mozilla.com/en-US/kb/Safe+Mode
Or with a new, clean profile?
Work in safe mode. I'll try to look from where can come.
pierre: do you crash with the testcase Martijn attached? it's possible we're still not interpreting you correctly.
Whiteboard: [sg:needinfo]
Yes I crash with the testcase Martijn attached when I'm not in safe mode.

When I use safe mode, I don't crash.

This WFM on the Mac. Martijn, did you try this on XP?
I tried on Vista.
Pierre, can you find out if one of your extensions is causing this crash?
I've test extension by extension.

And look like one of my extension is causing the crash :
Download accelerator plus ( http://www.speedbit.com/ ).

Sorry I don't take time to see where crash come from before.
Pierre, thanks for finding out why you were crashing!

This looks like the same bug as bug 402735 to me.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Alias: CVE-2008-2786
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: