User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2) Build Identifier: Mozilla/5.0, rv:18.104.22.168, Gecko/20100401 Memory exhaustion of Firefox 3.6.3 (latest) <= makes firefox can't make texts into body element and then it crashed. ( raise exception using PoC #1, lower memory area read access violation using PoC #2 ) Ofcourse an variation PoC made NULL Pointer deref so may also could be code execution ( 0.1 % ). :-) securityfocus post: http://www.securityfocus.com/archive/1/511329/30/0/threaded Reproducible: Always Actual Results: Crashes, code execution posibility Expected Results: Creashes and code execution
This is similar enough to bug 537620, and not-scary enough, that I'm treating it as a dup. My bug 537620 comment 5 still stands, although this testcase wasn't even claimed to produce anything other than a null deref.
Ofcourse Memory bug 537620 and others also Using memory Exahausion (loop)... but not the same result ( crash location ) it because different ways to write PoC code. so i don't think as mozilla firefox peopls. yeah. i just want to solve this bug ( all cases ) so posted it. and i think "im first of this vulnerability for my PoC and the way.". NULL Deref is really scray... right.