Closed Bug 607259 Opened 15 years ago Closed 3 years ago

Firefox crashes OOM, high cpu and ram load, stop script window is not working

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
3.6 Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: chrisbraun09, Unassigned)

Details

(Keywords: crash, testcase, Whiteboard: [sg:dos])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 When opening a Website which generates automatical Text with javascript document write, firefox loads more and more into the ram, cpu und ram is under heavy load, and firefox will crash Reproducible: Always Steps to Reproduce: 1. Generatore a new html file with this content <html><head><title>Test</title> </head><body> <script type="text/javascript"> document.write('<p style="white-space:nowrap">'); var Zeile = 'Zeile'; for (var i = 1; i <= 5^20; i++) { Zeile = Zeile + " Zeile"; document.write("<br>Zeile " + Zeile); } </script> </body></html> 2.open the file with firefox 3.firefox will crash Actual Results: I propose following possible solution: Set a maximum of MB wich firefox is loading per website the software should stop the execution of the script
Marcia will try to reproduce.
I was able to reproduce this using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11. My crash report is still processing but here it is: http://crash-stats.mozilla.com/report/pending/75a20248-59c9-4259-a365-2c2962101026
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: unspecified → 3.6 Branch
I reproduced my script now with a better machine ( Windows 7 64 Bit - AMD Quad Core 2,8 GHZ 6GB RAM ) Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 Firefox loads really fast about 1,5 GB into Ram before it crashes I ve compared it with other browsers (Opera x32 10.63, Internet Explorer 9 beta (9.0.7930.16406)) The other browsers are filling the ram much slower and after about 1,7-2 GB they are stopping the script. For me it looks as if firefox got a problem with the loading of the script itself or by how it loads. Because it gets to fast and the cpu load is much less than in the 2 other browsers.
loading a html file wich contains 10.000.000 Bytes will crash firefox too http://www.cbraun-web.de/ff/muchcrap.html the onlything what was written in the file is "x" 9990010 chars
I have made some more tests and it looks like firefox does not crash when the computer is running with only 512 MB Ram Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 Windows XP (XP Mode from Windows 7) Test with http://www.cbraun-web.de/ff/muchcrap.html Screenshot of the Task Manager http://cbraun-web.de/ff/taskmanager.jpg Test with the javascript code (Stop Script Window was working) Screenshot of the Task Manager http://cbraun-web.de/ff/taskmanager2.jpg Test with the javascript code (Stop Script Window was working (3 Times Resume Script) ) Screenshot of the Task Manager http://cbraun-web.de/ff/taskmanager2.jpg Mozilla / 5.0 ( Windows; Windows NT 5.0; de; vr:1.9.2.11 ) Gecko/201012 Firefox 3.6.11 Windows 2000 ( 5.00.2195 ) 512MB Ram 3,20 GHZ P4 Computer
Christian: Do you have any crashes that actually show the stack trace? If you type about:crashes you can see the report IDs.
ps. The first report is made with the 10.000.000 Byte file the second with the javascript code
So far your crash reports look like what I expect to see: we've run out of memory and crashed on an uncaught exception. Not very graceful, but suicide is better than an exploitable condition. Have you seen any crashes that show evidence of exploitability?
Whiteboard: [sg:dos]
No, i've never seen this somewhere else before ... ps The script is the result of a boring school lesson ;)
No evidence of a significant/non-public vulnerability here, and I can only imagine that we've gotten better since this report was filed. Opening this up.
Group: core-security
Tested this with Firefox 18.0.2 still crashes
Keywords: crash
Summary: Firefox crashes, high cpu and ram load, stop script window is not working → Firefox crashes OOM, high cpu and ram load, stop script window is not working
Keywords: testcase

The good news is that these days, with process separation, this kind of attack will bring down the tab or the frame, as opposed to the whole browser.

I think there's not a whole lot more we can do here. Sites can use things and consume memory - I don't think there's a whole lot actionable here beyond what we've already done with process separation.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.