User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:22.214.171.124) Gecko/20100722 Firefox/3.6.8 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:126.96.36.199) Gecko/20100722 Firefox/3.6.8 Firefox is prone vulnerable to a hang all time , or crash insome cases with a very long URL. Internal web pages like about:neterror does not limit the amount of chars that a user put in 'c' 'd' params and them if we compose a malformed url the browser can be hang easy. This issue isn´t exploitable via web links like <a href="very long URL">click here</a> or via window.location.replace('very long url') but i put is as a security threat for prevent analisys from attackers and found posible new vectors. Reproducible: Always Steps to Reproduce: 1.Create a html doc with a very long URL link. 2.open the html file and click in the link 3.go to addressbar and press enter The browser is hanging Actual Results: Browser hang Expected Results: browser hang or crash
open the test case and wait until it replace url location , and then put the cursor on addressbar ann press enter
k-meleon in windows do a crash , i have tedted it on windows xp sp3 and windows 7 ultimate and in all cases k-meleon crash and firefox hangs.
if the test case does not work , please in when open it , change 'd' param to 'c' and press enter , or change change 'd' param to 'c' and after '=' symbol add a double quot "
k-meleon bug tracker URL for this case => http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251
The testcase is wfm with Firefox3.6 and current trunk build.
Keywords: hang, testcase
it's a bit slow but I don't see any hang or crash in Firefox 4.0.
Yes it takes several seconds to load the URL and also cursor movement in the URL is slow. Bug no permanent hang or crash in Aurora 6. However, loading that error page makes memory use increasy by about 40MB of memory in heap-unclassified region (according to about:memory). After a second or two memory goes down to previous levels.
Severity: critical → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: footprint, perf
OS: Windows 7 → All
Hardware: x86 → All
Summary: Hangs on a very long URL in internal pages ( about:neterror) → Hangs/slowness on a very long URL in internal pages (about:neterror)
2400 character link works for me
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.