Closed
Bug 509873
Opened 15 years ago
Closed 15 years ago
Crash [@ Flash Player @0x185e5c]
Categories
(External Software Affecting Firefox Graveyard :: Flash (Adobe), defect)
External Software Affecting Firefox Graveyard
Flash (Adobe)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bc, Assigned: cliss)
References
()
Details
(Keywords: crash, Whiteboard: [sg:vector-? (flash)] Fixed 10.0.42.34)
Crash Data
Attachments
(1 file)
149.78 KB,
application/zip
|
Details |
bp-f835187d-68f7-4dad-83f7-fa4582090811
http://www.septemberhase.com/gallery/myalbum.html
bp-770685ec-537e-4f2c-bb36-a77f62090811
http://cgi.ebay.fr/ws/eBayISAPI.dll?ViewItem&item=180392674442&ssPageName=STRK
bp-5369bfcc-72bb-493a-b7af-bec5f2090811
http://cgi.ebay.de/Wandhalter-fuer-Panasonic-Flachbildschirm-37-bis-54-Zoll_W0QQitemZ170364381910QQcmdZViewItemQQptZDE_Audio_Hi_Fi_TV_Video_Elektronik_Wand_Deckenhalterungen?hash=item27aa822ad6&_trksid=p3286.c0.m14
This one is different I think. soccorro has a problem submitting the report and also crashes windows but doesn't fire crash reporter there
http://www.youm7.com/new/index.html
Reporter | ||
Updated•15 years ago
|
Whiteboard: [sg:vector-? (flash)]
Comment 1•15 years ago
|
||
This is crossplatform, also crashes on Windows.
Reproducible testcase (also crashes on load) is www.ocbeachweek.com/party-pics.php
Crashes Windows, Mac on Load
Mac Breakpad : http://crash-stats.mozilla.com/report/index/7b372cb9-356e-4383-ac94-03dc62090812
Windows: http://crash-stats.mozilla.com/report/index/b7fd9ec1-6a8b-4de0-82d0-b5ad32090812?p=1
Severity: normal → critical
OS: Mac OS X → All
Hardware: x86 → All
Comment 2•15 years ago
|
||
and the !exploitable report for this party url is :
(ff4.78c): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=0494d258 ecx=0a947600 edx=00000000 esi=0a947600 edi=00000000
eip=0a4e08dc esp=0012e7a0 ebp=0a8c9670 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
NPSWF32+0xd08dc:
0a4e08dc 8b889c000000 mov ecx,dword ptr [eax+9Ch] ds:0023:0000009c=????????
0:000> cdb: Reading initial command '!load winext\msec.dll;.logappend;!exploitable;k;q'
Opened log file 'dbgeng.log'
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
Exploitability Classification: UNKNOWN
Recommended Bug Title: Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at NPSWF32+0x00000000000d08dc (Hash=0x3c3e750a.0x7c7d
The data from the faulting address is later used as one or more of the arguments to a function call.
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0012e7a4 0a4a400e NPSWF32+0xd08dc
0012e808 0a4f98be NPSWF32+0x9400e
00000000 00000000 NPSWF32+0xe98be
quit:
Comment 3•15 years ago
|
||
also crashes on load on http://www.ztr-agrokft.hu/egyoldalas_csonkazo.html on windows and mac
Great info guys thanks for the URLs! Repro'd on Mac and Windows on current and dev releases.
Internal bug number for tracking is - 2407140. I am trying to isolate the offending swf's If you happen to do that before I do could you attach it for me?
Comment 6•15 years ago
|
||
here are the flash files from http://www.ztr-agrokft.hu/egyoldalas_csonkazo.html and http://www.ocbeachweek.com/party-pics.php
1[1].swf is from http://www.ocbeachweek.com/party-pics.php the others from http://www.ztr-agrokft.hu/egyoldalas_csonkazo.html
Thanks Carsten. I had pulled the swf's from Ztr-arokft.hu but can't get them to crash on their own. Did any of these crash for you locally?
Comment 8•15 years ago
|
||
(In reply to comment #7)
> Thanks Carsten. I had pulled the swf's from Ztr-arokft.hu but can't get them
> to crash on their own. Did any of these crash for you locally?
Hi Charles, no i was not able to just crash on this flash files locally (but also not sure if i missed a step there).
Comment 9•15 years ago
|
||
Note: this seems to be "TopCrash" during my !exploitable Testing during the Testing with the Crash Urls
Assignee | ||
Comment 10•15 years ago
|
||
2407140 - internal bug. Looks like we'll have this fixed.
Summary: Crash [ @ Flash Player @0x185e5c] → Crash [@ Flash Player @0x185e5c]
Assignee | ||
Comment 11•15 years ago
|
||
Fixed in Flash Player 10.0.42.34
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Assignee: nobody → cliss
Component: Plug-ins → Flash (Adobe)
Product: Core → Plugins
QA Contact: plugins → adobe-flash
Resolution: WORKSFORME → FIXED
Whiteboard: [sg:vector-? (flash)] → [sg:vector-? (flash)] Fixed 10.0.42.34
Target Milestone: --- → Dec 2009
Version: Trunk → 10.x
Updated•14 years ago
|
Crash Signature: [@ Flash Player @0x185e5c]
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
Comment 12•9 years ago
|
||
Version and milestone values are being reset to defaults as part of product refactoring.
Target Milestone: Dec 2009 → ---
Version: 10.x → unspecified
Updated•2 years ago
|
Product: External Software Affecting Firefox → External Software Affecting Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•