User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
A simple file that containts 1023 Unix LF chars kills Firefox, but it works on IE, Chrome, Opera, Safari. Tested on Firefox 3.6 and on 3.5.4 as well.
You can try it here: http://ade.web.elte.hu/_1023LF.txt
Steps to Reproduce:
1. Create a simple text file with 1023 LF. Maybe less is enough, I've tested with 1023.
2. Open it with Firefox
3. Now you can restart your Firefox...
Testing on Minefield latest nightly build produces a hang, no crash.
Created attachment 434180 [details]
Stack of main thread
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20100316 Firefox/3.6.2
Fx hangs [@ xul!nsScannerIterator::advance] with 100% cpu usage on the main thread. I haven't been able to figure out what the unloaded modules are but hopefully it's not important.
Bug 479959 will fix this eventually.
Firefox 3.6.12 on Ubuntu just hangs.
It works good in Firefox 10.0, Windows XP. Maybe Someone Fixed it?
Fixed by fixing bug 479959.
Created attachment 8484001 [details]
[Security approval request comment]
How easily could an exploit be constructed based on the patch?
Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?
Which older supported branches are affected by this flaw?
If not all supported branches, which bug introduced the flaw?
Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?
How likely is this patch to cause regressions; how much testing does it need?