Open
Bug 741757
Opened 12 years ago
Updated 1 year ago
Reported Crash / vulnerability
Categories
(Core :: DOM: Core & HTML, defect, P5)
Tracking
()
REOPENED
People
(Reporter: curtisk, Unassigned)
References
Details
(Keywords: crash, csectype-oom, testcase, Whiteboard: [sg:dos])
Crash Data
Attachments
(1 file)
859 bytes,
text/html
Message from reporter:
=======================
From: George G <geotin@hotmail.com>
Subject: URGENT
Date: April 1, 2012 4:41:22 PM PDT

Hi,

I'm contacting you because I've found a vulnerability on Mozilla Firefox browser. I did two exploits in Javascript, they're related with denial of service. One of the exploits just show down the home page. The other is really powerful, it close the browser and show a message saying that firefox crashed to restart the browser again.

I am contacting you because would like know if you're the right person to try make a deal about this and talk about details. If yes I can send you all the details after we get a deal.

Let me know something ASAP,
Kind Regards!
I got a non-exploitable OOM crash with the testcase.
Assignee: ashuk → nobody
Component: Java APIs for DOM → DOM: Core & HTML
QA Contact: dom-apis → general
Comment 3•12 years ago
Indeed:
0 mozalloc.dll mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:79
1 mozalloc.dll mozalloc_handle_oom memory/mozalloc/mozalloc_oom.cpp:60
2 mozalloc.dll moz_xrealloc memory/mozalloc/mozalloc.cpp:137
3 xul.dll nsGenericDOMDataNode::SetTextInternal

This should be opened up and marked with whatever the current equivalent of sg:dos is.
Keywords: crash
Updated•12 years ago
Whiteboard: [sg:dos]
Comment 4•12 years ago
Dupe of bug 741090?
Severity: normal → critical
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*)]
Updated•9 years ago
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*)] → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*)]
[@ mozalloc_abort | mozall…
Updated•6 years ago
Priority: -- → P5
Comment 6•6 years ago
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Comment 7•6 years ago
> Closing because no crash reported since 12 weeks.
Reopening because crash bugs **with testcases** should not be resolved **as WONTFIX** based on queries of crash-stats. Other resolutions may be appropriate for other reasons. (Crash signatures are not the same as bug identity; they're merely a search aid to find and group similar crashes. The bug may still be present, but the signature may have changed slightly, or the bug may even still be present with the same signature but there are simply no recent reports of crashes in that function.)
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Updated•2 years ago
Severity: critical → S2
Comment 9•2 years ago
Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
Severity: S2 → S3
Updated•1 year ago
Crash Signature: [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal(unsigned int, unsigned int, wchar_t const*, unsigned int, bool, CharacterDataChangeInfo::Details*)]
[@ mozalloc_abort | mozall… → [@ mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal]
[@ mozalloc_abort | mozalloc_handle_oom | moz_xrealloc | nsGenericDOMDataNode::SetTextInternal]