Firefox XML XUL parser memory corruption

VERIFIED DUPLICATE of bug 485941

Status

critical
10 years ago
10 years ago

People

(Reporter: samuelmarks, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Attachments

(1 attachment)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

Crashes on opening of html

- If you like I can host it on my website...

Just ask me!

Reproducible: Always

Steps to Reproduce:
1. Download the zip
2. Extract the zip
3. Open poc.html

Actual Results:
Crash

Expected Results:  
Crash

- If you like I can host it on my website...

Just ask me!

Comment 1

10 years ago
Found on:

http://milw0rm.com/exploits/8306

Confirmed by me.

Hosted On: http://www.reelix.za.net/KO/Firefox 3.0.8.html

Comment 2

10 years ago
Created attachment 370366
Firefox 3.0.8 Crash File

Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 485941

Verified.  Note that in fact there is no "XUL" involved, nor memory corruption.  All hail people just making stuff up.
Status: RESOLVED → VERIFIED

(Reporter)

Comment 5

10 years ago
Thanks for your replies (everyone)

Also, thanks for giving me access to the 'duplicate' bug.

Boris: What do you think it should be called, this security vulnerability?

It's a stack overflow caused by a deeply nested DOM tree (not to be confused with a stack buffer overflow).  See http://en.wikipedia.org/wiki/Stack_overflow

It's also not a security vulnerability; it doesn't allow the attacker to run code.  It's just a DoS.
(Reporter)

Comment 7

10 years ago
Oh, okay.

Although DoS's like this could be used the other way around...

Crashing Firefox then opening their own hacked version of Firefox...

Um.. if someone can run a hacked version of Firefox on your computer, you just lose.  Why would they need to crash the running one?  They could just ask it nicely to shut down.
(Reporter)

Comment 9

10 years ago
LOL

True True
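
The distinction drawn in this thread (call-stack exhaustion from deep nesting, not a stack buffer overflow), as an added JavaScript example that is not part of the bug report and not Mozilla's code or fix: a recursive tree walk uses one stack frame per nesting level and fails on a deep tree, while an iterative walk with a depth cap rejects the same input cleanly. The node shape, the function names and the `MAX_NESTING` value of 512 are assumptions made for illustration.

```javascript
// Constructed sample input: a chain of nested nodes, built iteratively, standing in
// for a deeply nested DOM tree. This is not the attachment from the bug.
function buildNestedTree(depth) {
  const root = { tag: "div", children: [] };
  let node = root;
  for (let i = 1; i < depth; i++) {
    const child = { tag: "div", children: [] };
    node.children.push(child);
    node = child;
  }
  return root;
}

// Recursive walk: every nesting level costs one call-stack frame.
function depthRecursive(node) {
  let max = 0;
  for (const child of node.children) {
    max = Math.max(max, depthRecursive(child));
  }
  return 1 + max;
}

// Runs the recursive walk and reports stack exhaustion instead of propagating it.
// No memory is overwritten; the engine simply runs out of stack (a DoS condition).
function tryRecursive(root) {
  try {
    return { ok: true, depth: depthRecursive(root) };
  } catch (e) {
    if (e instanceof RangeError) return { ok: false, reason: "call stack exhausted" };
    throw e;
  }
}

const MAX_NESTING = 512; // assumed cap, chosen for this example only

// Iterative walk: the work list lives on the heap, so nesting depth cannot exhaust
// the call stack, and input deeper than maxDepth is rejected early.
function depthIterative(root, maxDepth = MAX_NESTING) {
  const stack = [[root, 1]];
  let deepest = 0;
  while (stack.length > 0) {
    const [node, depth] = stack.pop();
    if (depth > maxDepth) return { ok: false, reason: "nesting limit exceeded", depth };
    deepest = Math.max(deepest, depth);
    for (const child of node.children) stack.push([child, depth + 1]);
  }
  return { ok: true, depth: deepest };
}
```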