Closed Bug 606790 Opened 14 years ago Closed 12 years ago

Firefox crashed after document.write function execution

Categories

(Core :: General, defect)

x86
Windows XP
defect
Not set
critical

Tracking

RESOLVED INCOMPLETE

People

(Reporter: tomaszkalinowski123, Unassigned)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11

This code still crashes Firefox (sometimes with a DEP error report):

// Reporter's testcase: grow a string one character at a time to roughly
// 100 MB, then hand the whole thing to document.write.
var payload = "";
for (var i = 0; i < 100000000; i++) {
    payload += "a";
}
document.write(payload);

Reproducible: Always
Attached file Example code
Example
Version: unspecified → 3.6 Branch
Component: General → Security
Keywords: crash
Severity: normal → critical
Priority: -- → P1
I get a slow script warning with FF3.11 and Seamonkey trunk on win32
Why do you think that the crash is security related?

Please post a crash ID
https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report
QA Contact: general → firefox
Firefox 3.6.12 repairs this vulnerability.

I discovered it one day before that:

https://bugzilla.mozilla.org/show_bug.cgi?id=607222
This is nothing like bug 607222.

The long string here is causing an Out of Memory (OOM) condition, which should fail safely. There may be cases where it doesn't if you're seeing a DEP violation (on WinXP, right?). IIRC we have a nearly identical bug based on a milw0rm or exploit-db testcase, this is a fairly obvious DoS attack and has been reported a lot.
Whiteboard: DUPEME
Component: Security → General
Priority: P1 → --
Product: Firefox → Core
QA Contact: firefox → general
Version: 3.6 Branch → unspecified
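The comment above distinguishes a crash from an out-of-memory condition that fails safely. The block below is an added example, not the reporter's testcase and not Firefox code: it rebuilds the same grow-a-string-in-a-loop pattern with two fail-safe layers a tester would want when reproducing this class of DoS, a caller-side length budget checked before each growth step, and the engine's own RangeError ("Invalid string length"), which current engines throw when a string would exceed their maximum length. The budget values and the 2**31 probe length (chosen to sit above every engine's string cap) are assumptions; document.write is not called, so the block runs outside a browser.

```javascript
// Added example (not from the bug report): bounded version of the
// "payload += 'a'" loop, plus a probe of the engine's own string cap.

// Grow a string by single-character concatenation, the way the testcase
// does, but stop once the caller's budget is reached and catch the engine's
// RangeError instead of letting the host run out of memory.
function buildPayload(targetLen, budgetLen) {
  let payload = '';
  let truncated = false;
  let error = null;
  try {
    for (let i = 0; i < targetLen; i++) {
      if (payload.length >= budgetLen) { // caller-side fail-safe layer
        truncated = true;
        break;
      }
      payload += 'a';
    }
  } catch (e) {
    error = e.name; // engine-side layer: RangeError on "Invalid string length"
  }
  return { length: payload.length, truncated, error };
}

// Ask the engine to materialise a string of the given length in one step.
// Engines check the resulting length against their cap before allocating,
// so an over-cap request fails fast with a RangeError rather than an OOM.
function tryAllocate(length) {
  try {
    const s = 'a'.repeat(length);
    return { ok: true, length: s.length, error: null };
  } catch (e) {
    return { ok: false, length: 0, error: e.name };
  }
}

// 2**31 is assumed to exceed the maximum string length of any engine.
function probeEngineCap() {
  return tryAllocate(2 ** 31);
}
```

Run with a small budget first (a few MB) and raise it only as far as the machine under test can hold; the point is that both layers report how growth stopped rather than bringing the process down.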
Reporter -> Are you still experiencing this issue with the latest version of Firefox 6? Does the issue occur with the latest nightly? http://nightly.mozilla.org/
Crash Signature: [@ libxul.so (deleted)@0x9a59fa ]
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Whiteboard: DUPEME