Webpages can exploit the \con\con instant-crash bug.

VERIFIED DUPLICATE of bug 29079

Status

SeaMonkey
General
--
major
VERIFIED DUPLICATE of bug 29079
17 years ago
13 years ago

People

(Reporter: Lasse Kärkkäinen, Assigned: asa)

Tracking

Trunk
x86
Windows 98

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

17 years ago
There is a well known bug in W98 (probably some other versions too) that causes
instant BSOD saying Exception 0E and usually leads to instant halt after few BSODs.

In Mozilla ANY WEBPAGE ON THE NET (including URL entered in this bug-report) can
exploit this, making Windows halt instantly. In addition to that it probably
allows minimal security-hole: webpages can link images from user's harddrive,
which might in some cases confuse user to think that the webpage can hack his
personal files.

Currently [img src="file://c|/con/con"] (with lt and gt instead of
square-brackets, of course) on a webpage causes halt.

Solution for this is to prevent linking to FILE://-URLs from webpages (except
when the original webpage is actually loaded from user's HD).

Comment 1

17 years ago
oh come on. this is an extremely old bug and it only takes a few seconds to 
search for 'con/con' and find it.

*** This bug has been marked as a duplicate of 29079 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
verified dupe
Status: RESOLVED → VERIFIED
(Reporter)

Comment 3

17 years ago
Sorry about dupe. I tried searching, but for some reason it didn't work at the
moment.
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.