User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
Steps to reproduce: I'm writing to inform you about a bug in Firefox. It crashes when loading a special HTML page. It is similar to "Bug 312588 - Firefox crash accessing the page".
Actual results: It works in Linux and Windows with the latest version of Firefox or older, but Chrome and IE are not affected. It instantaneously causes 100% CPU usage, the instant crash of the program and memory exhaustion after some time depending on the memory, causing a denial of service in the system. Please, could you send me some info about the bug bounty program for this kind of bug? I'm thinking of not publishing it. I sent the details of the crash and my email address (this one) through the form which appears when the crash happens.
Expected results: The load of the web page.
Severity: normal → critical
Component: Untriaged → General
OS: Windows XP → All
Could you please go to about:crashes in your Firefox and give us the report ID of the crash? If you could also let us know the following:
* What add-ons / extensions are installed?
* Full platform information (OS, service pack, etc.)
* What version of Firefox you tested
Using document.write to exhaust client resources is a known problem. Do you see any crash stack that isn't just an intentional out-of-memory abort? If so, please attach the HTML file demonstrating the crash.
Summary: An Html page can crash mozilla firefox → An Html page can crash mozilla firefox (document.write causing OOM abort / 100% CPU)
If you need more info, contact me.
Can you attach the stack trace for the crash?
Created attachment 641092: crash stack, Linux64 debug build
Here's the stack I get in a trunk debug build on Linux64. It's a safe OOM abort. I also got the "Unresponsive Script" warning dialog before that, so everything works as expected as far as I can tell.
It can DDOS the client system. With heavy HTML code Firefox crashes, but with a light HTML file the system overload over a long time can cause a reboot by the user, because most of the users don't know how to kill the Firefox process and the user can't open any program because of the memory exhaustion in Windows XP. With a Linux live distro it's easy to kill the Firefox process and stop the overload of the system, but if the users don't do it, the Linux live distro can collapse in a short time. With a powerful computer, the system will probably never crash, only Firefox.
Yes, but we're already aware of that, so unless you have a testcase that causes a crash that isn't an out-of-memory abort this is just a dupe of bug 112858 or something.
Status: UNCONFIRMED → NEW
Ever confirmed: true
A script kiddie published a variant of this code, but less powerful, some days ago, after you opened this vulnerability to all the world: http://packetstormsecurity.org/files/115648/Mozilla-Firefox-14.01-Denial-Of-Service.html The vulnerability described in this post can be used against Firefox v15.0.1. The bug bounty program doesn't work.
Firefox v16.0.2 is vulnerable too, please check and fix the bug.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 612029