User Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20100101 Firefox/17.0 Build ID: 20121130221523 Steps to reproduce: Currently, Firefox (tested on 17.0.1 on GNU/Linux) locks up when attempting to load deflated content when (a) the content does not end and (b) the content is sent in sufficiently large chunks. For proof of concept, see http://shared.cathyjf.com/crafted-image.png which is a crafted "image" that should lock up Firefox within a couple seconds, rendering it nonresponsive to any further input. This image can be embedded on other pages, and then those pages will lock up Firefox as well. It's probably even more potent if you embed multiple of these images on one page. One potential application of this issue is that anybody could post something like [img]http://shared.cathyjf.com/crafted-image.png[/img] on a forum and then any Firefox users viewing the forum would be locked up. The crafted-image.png file is actually a trivial PHP program, specifically the following program: <?php header('Content-type: image/png'); $s = sprintf("%60000u\n", 0); while (true) echo $s; ?> To deploy on Apache, you would have to set something like this in the .htaccess file: AddOutputFilterByType DEFLATE image/png Actual results: http://shared.cathyjf.com/crafted-image.png causes Firefox to lock up Expected results: Firefox should not lock up
OS: Linux → All
Hardware: x86 → All
Version: unspecified → 17 Branch
Public version at Bug #832586.
Duplicate of this bug: 832586
Opening per Cathy's request.
Component: General → Networking: HTTP
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.