Closed
Bug 606790
Opened 14 years ago
Closed 12 years ago
Firefox crashed after document.write function execution
Categories
(Core :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: tomaszkalinowski123, Unassigned)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
274 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 This code still crashed Firefox (sometimes DEP report error): var payload = ""; var i=0; for(i=0;i<100000000;i++) payload+="a"; document.write(payload); Reproducible: Always
Reporter | ||
Comment 1•14 years ago
|
||
Exmple
Reporter | ||
Updated•14 years ago
|
Version: unspecified → 3.6 Branch
Reporter | ||
Updated•14 years ago
|
Component: General → Security
Reporter | ||
Updated•14 years ago
|
Severity: normal → critical
Reporter | ||
Updated•14 years ago
|
Priority: -- → P1
Comment 2•14 years ago
|
||
I get a slow script warning with FF3.11 and Seamonkey trunk on win32 Why do you think that the crash is security related ? Please post a crash ID https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report
Updated•14 years ago
|
QA Contact: general → firefox
Reporter | ||
Comment 3•14 years ago
|
||
Firefox 3.6.12 repair this vulnerable. I discovered it one day before it: https://bugzilla.mozilla.org/show_bug.cgi?id=607222
Comment 5•14 years ago
|
||
This is nothing like bug 607222. The long string here is causing an Out of Memory (OOM) condition, which should fail safely. There may be cases where it doesn't if you're seeing a DEP violation (on WinXP, right?). IIRC we have a nearly identical bug based on a milw0rm or exploit-db testcase, this is a fairly obvious DoS attack and has been reported a lot.
Whiteboard: DUPEME
Updated•14 years ago
|
Component: Security → General
Priority: P1 → --
Product: Firefox → Core
QA Contact: firefox → general
Version: 3.6 Branch → unspecified
Comment 6•13 years ago
|
||
Reporter -> Are you still experiencing this issue with the latest version of Firefox 6? Does the issue occur with the latest nightly? http://nightly.mozilla.org/
Crash Signature: [@ libxul.so (deleted)@0x9a59fa ]
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•