Bug 465615: Very long Radius value for CIRCLE attribute in SVG results in DoS Condition
Status: RESOLVED DUPLICATE of bug 393832
Opened 16 years ago, closed 16 years ago
Categories: Core :: SVG, defect
People: Reporter: thierry, Unassigned
Details: Keywords: hang, Whiteboard: [sg:dos]
Attachments: 1 file (243 bytes, application/xhtml+xml)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
r='1.79769313486231E+308'
Reproducible: Always
Steps to Reproduce:
1. Open attached file
Actual Results:
Consumes lots of resources and no longer responds to user input
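For services that accept untrusted SVG or XHTML, a pre-render check can reject geometry values like the radius in this report. This is an added example, not code from the bug or from Mozilla; the limit, the attribute list, the function names and the sample document are assumptions constructed for illustration.

```python
import math
import re
import xml.etree.ElementTree as ET  # stdlib parser; use a hardened one for hostile XML

SVG_NS = "{http://www.w3.org/2000/svg}"
# Subset of SVG geometry attributes that take a number or length (illustrative).
GEOMETRY_ATTRS = {"r", "rx", "ry", "cx", "cy", "x", "y", "width", "height"}
# Assumed policy limit in user units; not a value taken from the bug report.
MAX_MAGNITUDE = 1e6
LENGTH = re.compile(r"\s*([+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?)\s*(?:px|pt|pc|mm|cm|in|em|ex|%)?\s*$")

# Constructed sample: one ordinary circle and one with the radius from the report.
SAMPLE = """<html xmlns="http://www.w3.org/1999/xhtml"><body>
<svg xmlns="http://www.w3.org/2000/svg" width="200" height="200">
  <circle cx="100" cy="100" r="40"/>
  <circle cx="100" cy="100" r="1.79769313486231E+308"/>
</svg></body></html>"""


def classify(raw, limit=MAX_MAGNITUDE):
    """Return None if the value is acceptable, else a short reason string."""
    match = LENGTH.match(raw)
    if match is None:
        return "not-a-number"
    number = float(match.group(1))  # overflowing literals such as 1e999 become inf
    if not math.isfinite(number):
        return "non-finite"
    if abs(number) > limit:
        return "exceeds-limit"
    return None


def find_extreme_geometry(document, limit=MAX_MAGNITUDE):
    """List (element, attribute, raw value, reason) for suspect SVG geometry."""
    findings = []
    for elem in ET.fromstring(document).iter():
        if not elem.tag.startswith(SVG_NS):
            continue
        for name, raw in elem.attrib.items():
            if name in GEOMETRY_ATTRS:
                reason = classify(raw, limit)
                if reason:
                    findings.append((elem.tag[len(SVG_NS):], name, raw, reason))
    return findings


if __name__ == "__main__":
    for finding in find_extreme_geometry(SAMPLE):
        print(finding)
```

The check covers presentation attributes only; geometry set through CSS, `transform`, or path data would need separate handling.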
Comment 1 • 16 years ago (Reporter)
Updated • 16 years ago
Component: Security → SVG
Product: Firefox → Core
QA Contact: firefox → general
Comment 2 • 16 years ago
Might be a cairo bug rather than SVG (seems to be looping in libthebes), but I can definitely confirm the DoS.
Comment 3 • 16 years ago (Reporter)
Any action planned on this (would see this as a low risk issue)
Comment 4 • 16 years ago
personally, i intend to open this bug to the public unless someone gives me a reason not to.
DoS isn't critical, there are many ways to do that, and if the user kills their firefox, they can uncheck the tab when they restore. if session restore doesn't have a good enough way for users to incrementally load pages then that's a bug in session restore.
a bug like this is more likely to be fixed by being visible to more people than by leaving it in a closet.
Comment 5 • 16 years ago (Reporter)
I do not oppose to that, no other vendor is affected. Denial of Service is a vulnerability, depends on where the application or code is being it might be very critical. Unlikely but possible.
Anyways: I hereby set the disclosure date to the 15th of January.
-> http://blog.zoller.lu/search/label/Vulnerability%20disclosure%20Policy
Regards,
Thierry
Comment 6 • 16 years ago
Group: core-security
Comment 7 • 16 years ago
Is there any significant difference between this and bug 393832?
Updated • 16 years ago
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Comment 9 • 16 years ago (Reporter)
The bug is marked as resolved, is there a patch?
Comment 10 • 16 years ago
It has been marked as a duplicate of a bug that hasn't been fixed yet.