Very long Radius value for CIRCLE attribute in SVG results in DoS Condition

Status: RESOLVED DUPLICATE of bug 393832
Type: defect
Priority: --
Severity: critical
Reported: 11 years ago
Modified: 10 years ago

People: Reporter: thierry; Unassigned

Tracking: Keywords: hang
Firefox Tracking Flags: Not tracked

Details: Whiteboard: [sg:dos]

Attachments (1): 243 bytes, application/xhtml+xml
Description (Reporter, 11 years ago)
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

r='1.79769313486231E+308' 

Reproducible: Always

Steps to Reproduce:
1. Open attached file

Actual Results:
Consumes lots of resources and no longer responds to user input
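The report boils down to a single geometry attribute (a circle radius equal to the largest representable double) being handed to the rasterizer unchecked. A site that accepts user-supplied SVG can screen for this class of input before it ever reaches a browser or server-side renderer. The checker below is an added example written for this page, not code from the report, from Mozilla or from cairo; the bound of 1e6 user units, the attribute set and the sample document are constructed assumptions.

```python
import math
import xml.etree.ElementTree as ET

# Assumed bound for geometry values in user units. Real renderers have their
# own internal limits; this value is a deliberately conservative, constructed choice.
MAX_ABS_COORD = 1.0e6

# Attributes that carry lengths or coordinates on common shape elements
# (constructed, non-exhaustive; path data and transforms are not covered here).
GEOMETRY_ATTRS = {"r", "rx", "ry", "cx", "cy", "x", "y", "x1", "y1", "x2", "y2",
                  "width", "height", "stroke-width"}

SVG_NS = "{http://www.w3.org/2000/svg}"

# Constructed sample modelled on the attachment described in the report:
# a circle whose radius is the largest finite IEEE-754 double.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">'
    '<circle cx="50" cy="50" r="1.79769313486231E+308"/>'
    '<rect x="10" y="10" width="20px" height="20"/>'
    '</svg>'
)


def parse_length(value):
    """Parse a plain SVG length ('12', '1.5px', '3e5') into a float in user units.
    Returns None for values this checker does not interpret (percentages, keywords)."""
    v = value.strip()
    if v.endswith("px"):          # px is the user unit; other units are left alone
        v = v[:-2]
    try:
        return float(v)
    except ValueError:
        return None


def check_svg(svg_text):
    """Return (element, attribute, raw value, reason) tuples for every geometry
    attribute that is non-finite or whose magnitude exceeds MAX_ABS_COORD.
    An empty list means no oversized geometry was found."""
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        tag = elem.tag[len(SVG_NS):] if elem.tag.startswith(SVG_NS) else elem.tag
        for attr, raw in elem.attrib.items():
            if attr not in GEOMETRY_ATTRS:
                continue
            num = parse_length(raw)
            if num is None:
                continue
            # float('1e309') and 'inf'/'nan' both parse, so an explicit
            # finiteness check is needed before the magnitude comparison.
            if not math.isfinite(num):
                findings.append((tag, attr, raw, "non-finite"))
            elif abs(num) > MAX_ABS_COORD:
                findings.append((tag, attr, raw, "exceeds bound"))
    return findings


if __name__ == "__main__":
    for finding in check_svg(SAMPLE_SVG):
        print("reject:", finding)
```

On the constructed sample the checker flags only the circle's `r` attribute. For genuinely untrusted XML, parse with `defusedxml` (or an equivalently hardened parser) rather than the stock `ElementTree`, since entity expansion is a separate resource-exhaustion vector from the geometry values this check targets.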
Comment 1 (Reporter, 11 years ago)
Component: Security → SVG
Product: Firefox → Core
QA Contact: firefox → general
Might be a cairo bug rather than SVG (seems to be looping in libthebes), but I can definitely confirm the DoS.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: hang
Whiteboard: [sg:dos]
Comment 3 (Reporter, 11 years ago)
Any action planned on this? (I would see this as a low-risk issue.)

Comment 4 (11 years ago)
Personally, I intend to open this bug to the public unless someone gives me a reason not to.

DoS isn't critical, there are many ways to do that, and if the user kills their Firefox, they can uncheck the tab when they restore. If session restore doesn't have a good enough way for users to incrementally load pages then that's a bug in session restore.

A bug like this is more likely to be fixed by being visible to more people than by leaving it in a closet.
Comment 5 (Reporter, 11 years ago)
I do not oppose that; no other vendor is affected. Denial of Service is a vulnerability; depending on where the application or code is being used it might be very critical. Unlikely but possible.

Anyways: I hereby set the disclosure date to the 15th of January.
-> http://blog.zoller.lu/search/label/Vulnerability%20disclosure%20Policy

Regards,
Thierry

Is there any significant difference between this and bug 393832?
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2009-1827
Comment 9 (Reporter, 10 years ago)
The bug is marked as resolved, is there a patch?

It has been marked as a duplicate of a bug that hasn't been fixed yet.