798937 - segfault when browsing to moz-icon uri scheme

Status: RESOLVED DUPLICATE of bug 789059

(Core :: Security, defect)

Description

[Frederik Braun [:freddy]]

When I open a new tab and enter the following URI, firefox crashes: 
moz-icon://unknown?size=16

I couldn't make any of the obvious content inclusion (img, src, embed, object) or redirection methods (location.href, meta refresh, http 30x) work to crash the browser non-manually. Although I had some unreliable instant crashes with tabs loading after a browser restart.

Sorry for being a little incomplete here, I didn't know which component to pick. Would you be so kind and sort it out for me? Also, I am not sure whether this is an actual security problem, but I'd rather have this crash be private and then lifted than the other way around

Comment 1

[Bob Clary [:bc] (inactive)]

Can you submit a crash report and paste the crash report id here?

Comment 2

[Bob Clary [:bc] (inactive)]

In a debug OSX Nightly and Aurora but not Beta build I get:

Assertion failure: false (All IPDL URIs must be serializable or an allowed scheme!), at /work/mozilla/builds/nightly/mozilla/ipc/glue/URIUtils.cpp:83

I don't crash with an opt OSX Nightly or Aurora though.

Comment 3

[Bob Clary [:bc] (inactive)]

I reproduced the assertion on a recent Nightly debug build on rhel6 64bit but not with a build from today.

On a recent Nightly opt build I got

bp-44c35d41-c57b-44e4-8c4e-b6f192121007
Firefox 18.0a1 Crash Report [@ nsACString_internal::EqualsASCII ] 

looks like a dupe of 789059. bug 789059 was fixed yesterday, so this should be fixed in today's nightly.

freddyb: Can you reproduce with a nightly build from today? If so, please reopen.

Comment 4

[Frederik Braun [:freddy]]

It's fixed in the current nightly, thanks for sorting it out :)