Closed Bug 774228 Opened 9 years ago Closed 1 year ago

JS recursive selfinclude - CRASH.

Categories

(Core :: Security, defect, P3)

x86_64
Windows 7
defect

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: xak.cannopm, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, csectype-dos, testcase)

Attachments

(1 file)

Save attached file as "test.html" and open in Firefox.
It fills all virtual address space and crashes.
Uncontrolled recursive self-include (as JS <script src="[self]">).
Possible new heap-spray method.
Do you have a crash report ID? In general, DOS issues of this sort that use up all your memory are annoying but not exploitable, and so we can unmark the private flag unless there is a particular bug here.
Crash reporter couldn't send report. Don't know why.
You can visit about:crashes in your browser to resubmit the reports and visit the crash report online.
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: csec-dos
Keywords: crash, testcase
Keywords: sec-other
Component: General → Security
Priority: -- → P3
Product: Firefox → Core

Trying this out in a modern Nightly it seems completely harmless to me. The parent process is fully responsive and memory fills very slowly. Calling this a WORKSFORME.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME