Closed Bug 504001 Opened 15 years ago Closed 15 years ago

Firefox 3.5 Vulnerable to Heap Spray Attack

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
1.9.1 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 503286

People

(Reporter: dtran, Unassigned)

References

(
URL
)

Details

(Keywords: crash, regression)

Attachments

(1 file)

Crashing testcase with heap sprayer removed
1.49 KB, text/html
Details 
I hit the HTML page whose code is here (http://www.milw0rm.com/exploits/9137 - don't worry, that won't generate the crash) from my localhost, which caused Firefox to crash and had problems restoring my tabs upon reopening. I'm running OS X 10.5, whereas we couldn't replicate this on 64-bit Ubuntu.
Crash without crash reporter? What's the stack (link to crash report)?
Here's an example crash report:
http://crash-stats.mozilla.com/report/index/c521c5d3-404b-44bd-8fdd-2678e2090713?p=1
Assignee: nobody → general
Component: Security → JavaScript Engine
OS: Mac OS X → All
Product: Firefox → Core
QA Contact: firefox → general
Version: 3.5 Branch → 1.9.1 Branch
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: