Closed
Bug 566785
Opened 14 years ago
Closed 14 years ago
Memory exhaustion (OOM) crashes with long JS strings
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: geinblues, Unassigned)
References
()
Details
(Keywords: crash, Whiteboard: [sg:dos])
Attachments
(2 files)
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2) Build Identifier: Mozilla/5.0, rv:1.9.2.3, Gecko/20100401 Memory exhaustion of Firefox 3.6.3 (latest) <= makes firefox can't make texts into body element and then it crashed. ( raise exception using PoC #1, lower memory area read access violation using PoC #2 ) Ofcourse an variation PoC made NULL Pointer deref so may also could be code execution ( 0.1 % ). :-) securityfocus post: http://www.securityfocus.com/archive/1/511329/30/0/threaded Reproducible: Always Actual Results: Crashes, code execution posibility Expected Results: Creashes and code execution
Comment 1•14 years ago
|
||
Comment 2•14 years ago
|
||
Comment 3•14 years ago
|
||
This is similar enough to bug 537620, and not-scary enough, that I'm treating it as a dup. My bug 537620 comment 5 still stands, although this testcase wasn't even claimed to produce anything other than a null deref.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Keywords: crash
Resolution: --- → DUPLICATE
Summary: Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities → Memory exhaustion (OOM) crashes with long JS strings
Whiteboard: [sg:dos]
Ofcourse Memory bug 537620 and others also Using memory Exahausion (loop)... but not the same result ( crash location ) it because different ways to write PoC code. so i don't think as mozilla firefox peopls. yeah. i just want to solve this bug ( all cases ) so posted it. and i think "im first of this vulnerability for my PoC and the way.". NULL Deref is really scray... right.
Resolution: DUPLICATE → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•