Closed Bug 583474 Opened 14 years ago Closed 10 years ago

Hangs/slowness on a very long URL in internal pages (about:neterror)

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Version:
3.6 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: Lostmon, Unassigned)

Details

(4 keywords, Whiteboard: [testday-20110603])

Attachments

(2 files)

Test case PoC
992.39 KB, text/html
Details
testhtml.html
2.41 KB, text/html
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

Firefox is prone vulnerable to a hang all time , or crash insome cases with a very long URL.
Internal web pages like about:neterror does not limit the amount of chars that a user put in 'c' 'd' params and them if we compose a malformed url the browser can be hang easy.
This issue isn´t exploitable via web links like <a href="very long URL">click here</a> or via window.location.replace('very long url') but i put is as a security threat for prevent analisys from attackers and found posible new vectors.

Reproducible: Always

Steps to Reproduce:
1.Create a html doc with a very long URL link.
2.open the html file and click in the link 
3.go to addressbar and press enter

The browser is hanging
Actual Results:  
Browser hang

Expected Results:  
browser hang or crash
Attached file Test case PoC 
open the test case and wait until it replace url location , and then put the cursor on addressbar ann press enter
k-meleon in windows do a crash , i have tedted it on windows xp sp3 and windows 7 ultimate and in all cases k-meleon crash and firefox hangs.
if the test case does not work , please in when open it , change 'd' param to 'c'
and press enter , or change change 'd' param to 'c' and after '=' symbol add a double quot "
k-meleon bug tracker URL for this case => http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251
The testcase is wfm with Firefox3.6 and current trunk build.
Group: core-security
Keywords: hang, testcase
Version: unspecified → 3.6 Branch
it's a bit slow but I don't see any hang or crash in Firefox 4.0.
Yes it takes several seconds to load the URL and also cursor movement in the URL is slow. Bug no permanent hang or crash in Aurora 6. However, loading that error page makes memory use increasy by about 40MB of memory in heap-unclassified region (according to about:memory). After a second or two memory goes down to previous levels.
Severity: critical → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: footprint, perf
OS: Windows 7 → All
Hardware: x86 → All
Summary: Hangs on a very long URL in internal pages ( about:neterror) → Hangs/slowness on a very long URL in internal pages (about:neterror)
Whiteboard: [testday-20110603]
Attached file testhtml.html 
2400 character link works for me
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: